The Stuxnet worm

Stuxnet worm: Iran says it has identified and arrested spies. Stuxnet worm mystery: What's the cyber weapon after? Top industrial control systems experts have now gleaned enough about the Stuxnet worm to classify it as a cyber superweapon. But the mystery of what its target is – or was – remains unsolved, though guesswork about its mission is intensifying among those who have studied Stuxnet's complicated code. Educated guesses about what Stuxnet, described as the world's first cyber guided missile, is programmed to destroy include the reactor for Iran's new Bushehr nuclear power plant, as well as Iran's nuclear fuel centrifuge plant in Natanz.

Both facilities are part of Tehran's nuclear program, which Iranian officials say is for peaceful purposes but that many other countries, including the United States, suspect are part of an atom-bombmaking apparatus. Ralph Langner is no Middle East policy wonk or former diplomat privy to insider information. This week, Mr. Encyclopedia Search Results: stuxnet - Learn more about malware - Microsoft Malware Protection Center. Stuxnet. Global Economy - Stuxnet worm causes worldwide alarm.

The Stuxnet computer worm fuels conspiracy fantasies. Security special: Stuxnet, disinformation at every level :: Security. Miami: "Cyber war", 42nd edition, and MOF files. Did The Stuxnet Worm Kill India’s INSAT-4B Satellite? - The Firewall - the world of security. Stuxnet: real ZDEs, fake ZDEs and disinformation at every level. Exploring Stuxnet’s PLC Infection Process | Symantec Connect. We first mentioned that W32.Stuxnet targets industrial control systems (ICSs) -- such as those used in pipelines or nuclear power plants -- 2 months ago in our blog here and gave some more technical details here.

While we are going to include all of the technical details in a paper to be released at the Virus Bulletin Conference on September 29th, in recent days there has been significant interest in the process through which Stuxnet is able to infect a system and remain undetected. Because Stuxnet targets a specific ICS, observing its behavior on a test system can be misleading, as the vast majority of the most interesting behavioral characteristics simply will not occur. When executed, one of the behaviors that one may immediately see is Stuxnet attempting to access a Programmable Logic Controller (PLC) data block, DB890. This data block is actually added by Stuxnet itself, however, and is not originally part of the target system. Stuxnet, the worm that attacks sensitive sites. 01net, 24/09/10 at 17:03. "The code is fairly conventional, but interesting from a technical standpoint, since it consists of a Trojan horse combined with rootkit-type technologies to make it invisible," comments Eric Filiol, security expert and director of the research center of the ESIEA group (1).

He adds that the decidedly tough critter also uses stolen Verisign digital certificates (from the firm Realtek, among others) to pass off the Windows drivers it needs as authentic. Attacking industrial systems. What surprised security experts was as much the quality of the code as Stuxnet's target. For this worm is not interested, like other malware, in the average user's PC, but in industrial control systems found at sensitive sites: factories, nuclear power plants, water management plants, and so on.

Specialized machinery, but certainly perfectly well known to the creators of this atypical worm. How Stuxnet spoofed a Microsoft signature. 01net, 01/10/10 at 16:59. How does Windows recognize the origin of drivers? It relies on a digital signature scheme based on asymmetric cryptography. That is, the manufacturer has a pair of keys, one public and the other private. The principle of this asymmetric cryptography is that whatever is encrypted with one key of the pair must be decrypted with the other key. How do manufacturers get their drivers signed?

To produce a signature, the manufacturer computes a fingerprint of the driver (a hash, that is, a digest that changes massively at the slightest modification of a single bit in the driver), which it encrypts with its private key (which it alone knows). To verify that a driver really comes from the manufacturer, one must on the one hand compute its hash and, in parallel, decrypt the signature with the public key. How can a genuine fake signature be produced? The Stuxnet worm continues to wreak havoc in the Netherlands - Security on L'Informaticien. Stuxnet malware is 'weapon' out to destroy ... Iran's Bushehr nuclear plant? Cyber security experts say they have identified the world's first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant. The cyber worm, called Stuxnet, has been the object of intense study since its detection in June.

As more has become known about it, alarm about its capabilities and purpose has grown. At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target – and that it may have been Iran's Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat. The appearance of Stuxnet created a ripple of amazement among computer security experts. Unlike most malware, Stuxnet is not intended to help someone make money or steal proprietary data. But it gets worse. Iran arrests "spies" after Stuxnet attacks - Security News. An Iranian intelligence official said the authorities had arrested several "spies" linked to the cyber attacks targeting its nuclear program. According to the Tehran-based Mehr News Agency, Heydar Moslehi, Iran's minister of internal security, said that "enemy spy services" are responsible for Stuxnet, a sophisticated worm that has infected at least 30,000 Windows PCs in the country, some of them located at the Bushehr nuclear power plant.

The minister stated that his ministry had uncovered "destructive and arrogant actions carried out by the West in cyberspace," and said that defensive measures had been put in place to secure Iran's information systems and its nuclear facilities. The worm, launched in June 2009, only became known to the public a year later. It drew attention for its ability to infiltrate networks and sniff out SCADA industrial control systems. Expert: Stuxnet was built to sabotage Iran nuclear plant | InSecurity Complex. An industrial control security researcher in Germany who has analyzed the Stuxnet computer worm is speculating that it may have been created to sabotage a nuclear plant in Iran.

The worm, which targeted computers running Siemens software used in industrial control systems, appeared in July and was later found to have code that could be used to control plant operations remotely. Stuxnet spreads by exploiting three holes in Windows, one of which has been patched. The high number of infections in Iran and the fact that the opening of the Bushehr nuclear plant there has been delayed led Ralph Langner to theorize that the plant was a target. Langner gave a talk on the subject at the Applied Control Solutions' Industrial Control Cyber Security conference today and published details of his code analysis on his Web site last week.

As one of his data points, Langner refers to a UPI screenshot of a computer screen at the Bushehr plant running the targeted Siemens software. Iran arrests 'nuclear spies,' intelligence chief says. Iranian Intelligence Minister Heydar Moslehi, seen in a 2009 photo, announced the arrests of "nuclear spies." Iran is thought to have been the target of a sophisticated new computer virus. Delivering the virus would have required insider information, a security expert told CNN. Iran denies that its nuclear program was compromised. Israel and the United States fear Iran wants to build a nuclear bomb, but Tehran denies it. (CNN) -- Iran arrested a number of "nuclear spies," its intelligence minister said, in the wake of widespread reports of a sophisticated new computer virus that may have been aimed at Iran. Intelligence Minister Heydar Moslehi made the announcement Saturday, without giving any details, Iran's semiofficial Mehr news agency reported.

Iran is widely thought to have been the most likely target of the Stuxnet virus, which a top computer security expert told CNN was "the most complex piece of malware in the history of computing." CNN's Atika Shubert contributed to this report.