Tag Archives: Trojan

[WTF] Did Stuxnet Sabotage Iran’s Nuclear Facilities?

Newspapers are full of speculation and details about this unique piece of software code, which is obviously the work of a government. Stuxnet used four zero-day exploits to infect computer networks running Microsoft Windows. It was compatible with Windows 2000, Windows XP, Windows Vista and Windows 7.

The Register writes:

(..) the Stuxnet worm was programmed to probe the hosts it infected for extremely specific settings. Unless it identified the hardware fingerprint it was looking for in industrial software systems made by Siemens, it remained largely dormant.

Experts say the code is very sophisticated, with nearly no side effects. It is estimated that the development costs of a virus of that quality run into the millions of dollars. It also shows very detailed knowledge of the attacked facilities.

There are some indications that Iran’s nuclear facilities in Natanz were the target of the virus.

The downside is that we suspect this is the beginning of large-scale cyber attacks. I don’t think that western nuclear facilities are safe from such attacks. Let’s all hope for the best. This virus is simply a nightmare.

Links

Update

A short overview of the published articles shows that almost all of them cite the German security specialists Frank Rieger (member of the Chaos Computer Club) or Ralph Langner (founder of Langner.com).

[Virus] First Mac Zombies in iBotnet

In their latest “Virus Bulletin” article, Symantec employees report that apparently the first Mac OS based botnet has appeared. They call it the iBotnet. Two pieces of trojan malware have been identified:

  • OSX.Iservice
  • OSX.Iservice.B

Technique

The trojans aim at obtaining the user password or the root password, depending on the configuration you are running. By default the “root” account is disabled on OS X, so in certain situations the user’s own rights are elevated instead. Once the user or root password has been obtained, the system is compromised and gets added to the botnet.

Distribution

Both files are currently being distributed via peer-to-peer networks such as BitTorrent. The trojans are bundled with illegal copies of

  • iWork09 and
  • Adobe Photoshop CS 4

Dissemination

It is estimated that some thousand Macs are already infected.

Behaviour

There is strong evidence that the botnet has already been used for Distributed Denial-of-Service (DDoS) attacks using a PHP script.

Conclusion

From their analysis of the trojans, the Symantec researchers conclude that other versions may already be in the wild, since the technique appears to be flexible and extensible. Our recommendation: get a virus scanner for your Mac as soon as possible.