Stuxnet virus used on Iran was 1 of 5 cyberbombs
2011-12-30
Russian researchers say crippling computer virus unleashed on Iran in 2010 has at least four 'cousins'
Be afraid, O Mullahs. Be very, very afraid. Look -- squirrel!!
The Stuxnet virus that last year damaged Iran's nuclear program was likely one of at least five cyber weapons developed on a single platform whose roots trace back to 2007, according to new research from Russian computer security firm Kaspersky Lab.
 
Security experts widely believe that the United States and Israel were behind Stuxnet, though the two nations have officially declined to comment on the matter.

A Pentagon front man on Wednesday declined comment on Kaspersky's research, which did not address who was behind Stuxnet.
 
Stuxnet has already been linked to another virus, the Duqu data-stealing trojan, but Kaspersky's research suggests the cyber weapons program that targeted Iran may be far more sophisticated than previously known.
 
Kaspersky's director of global research & analysis, Costin Raiu, told Rooters on Wednesday that his team has gathered evidence that shows the same platform that was used to build Stuxnet and Duqu was also used to create at least three other pieces of malware.
 
Raiu said the platform is comprised of a group of compatible software modules designed to fit together, each with different functions. Its developers can build new cyber weapons by simply adding and removing modules.
 
"It's like a Lego set. You can assemble the components into anything: a robot or a house or a tank," he said.
 
Kaspersky named the platform "Tilded" because many of the files in Duqu and Stuxnet have names beginning with the tilde symbol "~" and the letter "d."
 
'Fairly certain' that malware existed

Researchers with Kaspersky have not found any new types of malware built on the Tilded platform, Raiu said, but they are fairly certain that they exist because shared components of Stuxnet and Duqu appear to be searching for their kin.
 
When a machine becomes infected with Duqu or Stuxnet, the shared components on the platform search for two unique registry keys on the PC linked to Duqu and Stuxnet that are then used to load the main piece of malware onto the computer, he said.
 
Kaspersky recently discovered new shared components that search for at least three other unique registry keys, which suggests that the developers of Stuxnet and Duqu also built at least three other pieces of malware using the same platform, he added.
 
Those modules handle tasks including delivering the malware to a PC, installing it, communicating with its operators, stealing data and replicating itself.
 
Makers of anti-virus software including Kaspersky, US firm Symantec Corp and Japan's Trend Micro Inc have already incorporated technology into their products to protect computers from getting infected with Stuxnet and Duqu.
 
Yet it would be relatively easy for the developers of those highly sophisticated viruses to create other weapons that can evade detection by those anti-virus programs using the modules in the Tilded platform, he said.
 
Kaspersky believes that Tilded traces back to at least 2007 because specific code installed by Duqu was compiled from a device running a Windows operating system on August 31, 2007.
Posted by: trailing wife

#6  That's just what the Russkies want Iran to think...
Posted by: Barbara   2011-12-30 22:18  

#5  Here's a commentary on the linked article in the same issue of Nature. An easier read that calls out the implications of this work.
Posted by: lotp   2011-12-30 16:53  

#4  Not quite true, unfortunately.

Yes, there are different systems in place. However, it's not hard to identify scenarios in which targeted cyber attacks cause power feedback loops that essentially cascade throughout one of the very large regional networks. Moreover, the power grid doesn't stand alone - it is interdependent with the communications grid. Failures can and would cascade across both networks in the event of an attack.

Those interested in an example could download this article from the journal Nature, which analyzed the vulnerabilities of interdependent networks as demonstrated by the cascading failures that shut down most of Italy's power and communications grids in 2003.

At the time many suspected a terror attack on the grounds that the blackout spread so widely and so quickly. The article linked above shows how networks that are interdependent become much more fragile under certain conditions than they would be if they stood alone. That fragility can result in catastrophic cascades of failure across both networks at once.
Posted by: lotp   2011-12-30 16:45  
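The cascading fragility lotp describes can be reproduced in a small simulation. This is an added example, not part of the post or of the Nature article; it assumes the mutual-percolation model that article's authors use (two networks with one-to-one dependencies between nodes) on constructed Erdős–Rényi graphs, and compares a single grid with the same grid coupled to a communications network.

```python
import random
from collections import deque

def er_graph(n, avg_deg, rng):
    """Constructed Erdős–Rényi graph, returned as adjacency sets (assumed topology)."""
    adj = [set() for _ in range(n)]
    p_edge = avg_deg / (n - 1)
    for i in range(n):
        for j in range(i + 1, n):
            if rng.random() < p_edge:
                adj[i].add(j); adj[j].add(i)
    return adj

def giant_component(adj, alive):
    """Alive nodes belonging to the largest connected component (BFS)."""
    seen, best = set(), set()
    for start in alive:
        if start in seen: continue
        comp, queue = {start}, deque([start])
        seen.add(start)
        while queue:
            u = queue.popleft()
            for v in adj[u]:
                if v in alive and v not in seen:
                    seen.add(v); comp.add(v); queue.append(v)
        if len(comp) > len(best):
            best = comp
    return best

def cascade(adj_a, adj_b, alive_a, alive_b):
    """Mutual percolation: node i in A depends on node i in B and vice versa. A node
    survives a round only if it is in its own giant component AND its partner survives."""
    while True:
        alive_a = giant_component(adj_a, alive_a)
        alive_b = giant_component(adj_b, alive_b & alive_a)  # drop B nodes whose partner died
        if alive_b == alive_a:          # no further losses: fixed point reached
            return alive_a
        alive_a = alive_b               # A now loses nodes whose B partner died

def compare(n=400, avg_deg=4.0, p=0.7, seed=1):
    """Functional fraction after removing 1-p of A's nodes: (A alone, A coupled to B)."""
    rng = random.Random(seed)
    adj_a, adj_b = er_graph(n, avg_deg, rng), er_graph(n, avg_deg, rng)
    keep = set(rng.sample(range(n), int(p * n)))          # nodes of A that survive the attack
    alone = len(giant_component(adj_a, keep)) / n          # single network: one percolation step
    coupled = len(cascade(adj_a, adj_b, keep, set(range(n)))) / n
    return alone, coupled
```

The coupled fraction is never larger than the stand-alone one, and sweeping p downward shows the coupled system collapsing at a much higher surviving fraction than a single network does.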

#3  The US power grid is not a major worry, oddly enough, because subsystems use completely different and incompatible software, and interconnectivity is based on just crude transfer of energy. Yet this effectively insulates the entire grid from cyber attack. Only one part can be taken down at a time.
Posted by: Anonymoose   2011-12-30 09:41  

#2  Not so good if it hits, say, our power distribution system in the US, tho.
Posted by: lotp   2011-12-30 09:21  

#1  "It's like a Lego set. You can assemble the components into anything: a robot or a house or a tank," he said.

Sweet! I wonder if any self-modifying or self-deleting code was involved. Good stuff.
Posted by: gorb   2011-12-30 03:03  
