Starwars Attacks - Stuxnet, Duqu, Flame, Red October, Gauss

Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt

Starwars Attacks - Stuxnet, Duqu, Flame, Red October, Gauss

Post by Foggyone » Mon Apr 25, 2011 8:59 pm

Iran says targeted by second computer virus

The story doesn't offer a lot of substance.
"The particular characteristics of the Stars virus have been discovered," Jalali said. "The virus is congruous and harmonious with the (computer) system and in the initial phase it does minor damage and might be mistaken for some executive files of government organizations."

Jalali warned that the Stuxnet worm, discovered in computers at Iran's Bushehr nuclear reactor last year, still posed a potential risk. Some experts described it as the world's first "guided cyber missile", aimed at Iran's atomic program.
I think that any cyber attack against any NZ target would find little resistance from the latest Government legislation. While the Gov. attempts to limit Kiwis' rights, this type of thing is much more dangerous, and should be engaging the pollies' attention.
Google, the answer to so many questions!
-----------------------------------------------------

digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago

Re: Starwars Attack

Post by digidog » Sun Feb 05, 2012 10:01 pm

The Herald is running a cyberwar story that provides more background to the Stuxnet worm. It would appear that
more than 30 programmers were involved in its creation, indicating that it was commissioned by a government
rather than any criminal hacking group. There have been few infections in the US and Europe, leading to suggestions
that agencies in Israel and the United States may be behind the worm.
With its stolen seal of authenticity, the self-replicating virus foraged through thousands of computers around the world.

It was searching for grey plastic boxes the size of a pack of crayons, called programmable logic controllers (PLC), tiny
computers most people have never heard of but which lie at the heart of modern life.

PLCs regulate machinery in factories and power plants, open and shut valves in water pipes, change traffic lights from
red to green, dollop out the cream in cookies and speed and slow the spinning of uranium centrifuges.

http://www.nzherald.co.nz/compute/news/ ... d=10781736
Apparently the worm carries a self-destruct date of June 24th this year. Another clue that a "responsible" government
is behind the software.


Re: Starwars Attack - Stuxnet

Post by digidog » Tue Jun 05, 2012 2:20 am

The NYT is running a story stating that the US under Bush in partnership with the Israeli government created Stuxnet,
then somehow "lost control of it". That's led to speculation that the US is probably behind the latest "Flame" malware
that's causing havoc around the world.

There's no mention about the US being sued for this act of international terrorism.

http://www.nytimes.com/2012/06/01/world ... -iran.html

http://arstechnica.com/tech-policy/2012 ... rol-of-it/


Re: Starwars Attack - Stuxnet

Post by Foggyone » Tue Jun 05, 2012 8:20 am

digidog wrote:
There's no mention about the US being sued for this act of international terrorism.
It's only terrorism when "they" do it to "us". When "we" do it to "them", it's a clever use of technology. Or so the "ends justify the means" crowd would have it.


Re: Starwars Attack - Stuxnet

Post by digidog » Tue Jun 12, 2012 12:14 am

New Scientist reports that a study carried out by Kaspersky Lab and commissioned by the UN proves that the US and Israeli
governments are responsible for the Stuxnet worm, the Duqu trojan and now the Flame virus. The latter has caused massive
document losses in hundreds of Middle East networks. A coding error allowed Stuxnet to escape into the wild - the US and
Israel blame each other for this terrorist act.

http://www.newscientist.com/blogs/onepe ... -code.html


Re: Starwars Attack - Stuxnet

Post by digidog » Tue Dec 18, 2012 9:38 pm

It looks like the US and Israeli governments have released another deadly virus upon the world. This one is called Batchwiper.
It apparently targets Iranian computers and sounds like a nasty little bugger.
...the malware systematically wipes any drive partitions starting with the letters D through I, along with any files stored on the
Windows desktop of the user who is logged in when it's executed, according to security researchers who independently
confirmed the findings.

http://arstechnica.com/security/2012/12 ... r-program/


Re: Starwars Attack - Stuxnet

Post by digidog » Tue Dec 18, 2012 10:08 pm

Kaspersky Labs have analysed GrooveMonitor and say it's pretty basic - it's due to fire off its payload on these dates:
Dates:
2012/12/10-12
2013/01/21-23
2013/05/06-08
2013/07/22-24
2013/11/11-13
2014/02/03-05
2014/05/05-07
2014/08/11-13
2015/02/02-04
And the authors have made one little error - they included a 16-bit SLEEP file. While it's not malicious, 16-bit files don't run on 64-bit versions of
Windows which sort of gives the game away.

https://www.securelist.com/en/blog/2081 ... er_Copycat
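The point about the 16-bit SLEEP file is checkable from the file header alone: a pure DOS (MZ-only) or NE program needs the NTVDM subsystem, which 64-bit Windows does not ship, so the loader refuses it, while a PE32 (i386) image runs under WoW64 and a PE32+ (x64) image runs natively. The block below is an added example, not code from the post or from Kaspersky's analysis; it classifies an executable from its MZ/NE/PE headers and reports whether an x64 Windows host could load it. The sample headers are constructed inside the block with only the fields the classifier reads filled in.

```javascript
// Added example (not from the original post or from Kaspersky's analysis):
// classify an executable from its headers. A 16-bit program (pure MZ or NE)
// needs NTVDM, which 64-bit Windows does not include, so it cannot run there;
// a PE32 (i386) image runs under WoW64 and a PE32+ (x64) image runs natively.
const MACHINE_NAMES = { 0x014c: 'i386', 0x8664: 'x86-64', 0xaa64: 'ARM64', 0x01c4: 'ARMNT' };

function classifyExecutable(bytes) {
  const b = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
  const dv = new DataView(b.buffer, b.byteOffset, b.byteLength);
  const verdict = (format, machine, runsOnWin64) => ({ format, machine, runsOnWin64 });

  // Every DOS/Windows executable starts with the 'MZ' stub; e_lfanew at 0x3c
  // points to the newer header, if there is one.
  if (b.length < 0x40 || b[0] !== 0x4d || b[1] !== 0x5a) {
    return verdict('not an MZ executable', null, false);
  }
  const lfanew = dv.getUint32(0x3c, true);
  if (lfanew < 0x40 || lfanew + 4 > b.length) {
    return verdict('16-bit DOS (MZ only)', '8086', false);
  }
  const s0 = b[lfanew], s1 = b[lfanew + 1];
  if (s0 === 0x4e && s1 === 0x45) {                       // 'NE': 16-bit Windows
    return verdict('16-bit Windows (NE)', '8086', false);
  }
  if (s0 === 0x4c && (s1 === 0x45 || s1 === 0x58)) {      // 'LE'/'LX': VxD, OS/2
    return verdict('LE/LX (VxD or OS/2)', null, false);
  }
  const isPE = s0 === 0x50 && s1 === 0x45 && b[lfanew + 2] === 0 && b[lfanew + 3] === 0;
  if (!isPE || lfanew + 26 > b.length) {
    // Garbage at e_lfanew: treat as a plain DOS program (common in old tools).
    return verdict('16-bit DOS (MZ only)', '8086', false);
  }
  // COFF header: Machine at +4; optional header Magic at +24 (0x10b PE32, 0x20b PE32+).
  const machine = MACHINE_NAMES[dv.getUint16(lfanew + 4, true)] || 'unknown';
  const magic = dv.getUint16(lfanew + 24, true);
  if (magic === 0x10b) return verdict('PE32', machine, machine === 'i386');
  if (magic === 0x20b) return verdict('PE32+', machine, machine === 'x86-64');
  return verdict('PE (unknown optional header)', machine, false);
}

// Constructed sample headers (only the fields the classifier reads are filled in).
function buildSample(newHeaderSig, machine, magic) {
  const buf = new Uint8Array(0x40 + 0x20);
  const dv = new DataView(buf.buffer);
  buf[0] = 0x4d; buf[1] = 0x5a;          // 'MZ'
  dv.setUint32(0x3c, 0x40, true);        // e_lfanew -> new header right after the stub
  buf.set(newHeaderSig, 0x40);
  if (machine !== undefined) dv.setUint16(0x44, machine, true);
  if (magic !== undefined) dv.setUint16(0x58, magic, true);
  return buf;
}
const SAMPLES = {
  dos16: (() => { const b = new Uint8Array(0x40); b[0] = 0x4d; b[1] = 0x5a; return b; })(),
  ne16: buildSample([0x4e, 0x45]),
  pe32_x86: buildSample([0x50, 0x45, 0, 0], 0x014c, 0x10b),
  pe32plus_x64: buildSample([0x50, 0x45, 0, 0], 0x8664, 0x20b),
};

for (const [name, bytes] of Object.entries(SAMPLES)) {
  console.log(name, classifyExecutable(bytes));
}
```

On a real sample, read the file into a `Uint8Array` and pass it to `classifyExecutable`; anything it reports as MZ-only or NE is a component the authors could only have intended for 32-bit hosts, which is the tell the post describes.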


Re: Starwars Attacks - Stuxnet, Duqu, Flame, Red October

Post by digidog » Tue Jan 15, 2013 9:39 pm

Ars reports the discovery of another massive malware attack which has been targeting governments undetected for 5 years. This is another clever piece of programming featuring a complex network of command-and-control servers, similar to those used by Stuxnet, Duqu and Flame. At this stage the authors are unknown, but the most targeted countries were the Russian Federation, Kazakhstan, Azerbaijan, Belgium, India, Afghanistan, Armenia, Iran, and Turkmenistan.

Look carefully at the map in the first Ars link - no machines in China were compromised. Is that a clue?
The command-and-control infrastructure that receives the stolen data uses more than 60 domain names as proxy servers to obscure the final destination. These domains are believed to funnel data to a second tier of proxy servers, which in turn are believed to send the information to a "mother ship" that Kaspersky researchers still know little about. The ability of the infrastructure to shield the identity of the attackers and to resist takedown efforts rivals the command-and-control system used by Flame, the espionage malware reportedly developed by the US and Israel to spy on Iran. The Red October malware itself has remained undetected on more than 300 PCs and networks for more than five years.

One novel feature contained in Red October is a module that creates an extension for Adobe Reader and Microsoft Word on compromised machines. Once installed, the module provides attackers with a "foolproof" way to regain control of a compromised machine, should the main malware payload ever be removed.

http://arstechnica.com/security/2013/01 ... s-of-data/
However the people behind the virus weren't complete geniuses.
At some point, the site stopped executing the malicious code when people visited the address that hosted it. Instead, the page began displaying the source code for the PHP script, giving the world a rare peek inside the espionage campaign. The source code leakage isn't the only apparent mistake that has helped researchers uncover the Red October campaign. Attackers also allowed several of the command-and-control domain names hardcoded into the malware to remain unregistered. The omission allowed Kaspersky researchers to obtain the Internet addresses so they could be observed as commandeered machines reported for updates.

http://arstechnica.com/security/2013/01 ... nfect-pcs/


Re: Starwars Attacks - Stuxnet, Duqu, Flame, Red October, Gauss

Post by digidog » Fri Mar 15, 2013 1:53 am

Ars has a good overview of these US/Israeli sponsored malware attacks including the latest variant called Gauss. Oddly, the Gauss version installs a font called "Palida Narrow" on infected machines and that in turn makes it easier to identify. In general you (theoretically) have nothing to fear unless you're based in Lebanon, but who knows for sure?

https://www.securelist.com/en/blog/724/ ... n_of_Gauss

Some of the cryptology is mind-boggling, but it gives you a good idea of how sophisticated malware can be when there are huge budgets supporting its development.

http://arstechnica.com/security/2013/03 ... t-stuxnet/
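The "Palida Narrow" font is a host indicator that can be checked from a web page without touching the file system: render a probe string with the named font and a generic fallback, then compare the width against the generic fallback alone. If the font is absent the browser silently uses the fallback and the two widths are identical; if it is present, the width differs. The block below is an added example in that style, not Kaspersky's check page or code from the post. `measure` is an injected function (an assumption made so the comparison logic can run outside a browser), `canvasMeasurer` wires it to a canvas when a `document` exists, and the two Node-side measurers are constructed stand-ins for an infected and a clean host.

```javascript
// Added example (not from the original post): font-presence check of the kind
// used to spot Gauss's "Palida Narrow" from a web page.
const PROBE_TEXT = 'mmmmmmmmmmlllliiiWWW'; // mixed wide/narrow glyphs exaggerate width differences
const GENERIC_FAMILIES = ['monospace', 'sans-serif', 'serif'];

// measure(fontStack) must return the rendered width of PROBE_TEXT for a CSS
// font-family stack. If fontName is not installed, the browser silently uses the
// generic family, so the width equals that of the generic family on its own.
// Three generics are tried so one coincidental width match cannot hide the font.
function isFontInstalled(fontName, measure) {
  return GENERIC_FAMILIES.some(
    (generic) => measure(`'${fontName}', ${generic}`) !== measure(generic)
  );
}

// Browser wiring (assumes a DOM): measure via an off-screen canvas.
function canvasMeasurer(doc) {
  const ctx = doc.createElement('canvas').getContext('2d');
  return (stack) => {
    ctx.font = `72px ${stack}`;
    return ctx.measureText(PROBE_TEXT).width;
  };
}

function checkGaussIndicator(measure) {
  return { font: 'Palida Narrow', installed: isFontInstalled('Palida Narrow', measure) };
}

// Constructed stand-ins for a browser's measurements so the logic runs under Node:
// on the "infected" host the width changes whenever the font is named in the stack;
// on the "clean" host the width depends only on the generic family that is used.
const GENERIC_WIDTHS = { monospace: 864, 'sans-serif': 790, serif: 805 };
const measureOnInfectedHost = (stack) =>
  stack.includes('Palida Narrow') ? 612 : GENERIC_WIDTHS[stack];
const measureOnCleanHost = (stack) =>
  GENERIC_WIDTHS[stack.split(',').pop().trim()];

if (typeof document !== 'undefined') {
  console.log(checkGaussIndicator(canvasMeasurer(document)));
} else {
  console.log('infected host:', checkGaussIndicator(measureOnInfectedHost));
  console.log('clean host:', checkGaussIndicator(measureOnCleanHost));
}
```

Two caveats for anyone using this as a triage tool: a positive only says a font with that family name is installed, so a legitimately installed font of the same name would trip it, and a negative is not proof of a clean host, since it only inspects what the browser can see.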


Re: Starwars Attacks - Stuxnet, Duqu, Flame, Red October, Gauss

Post by Foggyone » Fri Mar 15, 2013 2:42 am

What a truly interesting development. Without knowing the intended target (and language) it's like looking for a needle in an almost infinite number of haystacks. This should keep the boffins engaged for years.

And the next question. Is Windows 8 susceptible?


Re: Starwars Attacks - Stuxnet, Duqu, Flame, Red October, Gauss

Post by digidog » Fri Mar 15, 2013 3:15 am

Foggyone wrote: Is Windows 8 susceptible?
Keeping in mind the "owner" of this dastardly malware, I'd take a guess that there's been a handy backdoor or three built into Windows 8 right from the start.


South Korea Closed For Business

Post by Foggyone » Wed Mar 20, 2013 5:49 pm

South Korea Under Cyber Attack
March 20, 2013

SEOUL – Three South Korean broadcasters and two banks were hit by a major cyber attack this afternoon, in an apparently successful attack that has rendered system-wide computer networks unusable since 1400KST (0100EST).

KBS, MBC and YTN were all hit by the attack, as were Shinhan and Nonghyup banks, South Korean news agency Yonhap reported.
Everyone is saying "Of course it was North Korea". Just a week ago North Korea had problems and said "It was South Korea and their devilish friends, the USA".

The computer screen shown (HP) will almost certainly be running a version of Windows. Would be interesting to know which version proved susceptible to this attack.


Re: Starwars Attacks - Stuxnet, Duqu, Flame, Red October, Gauss

Post by digidog » Wed Jun 10, 2015 11:19 pm

Duqu rears its ugly head again. This time Kaspersky, one of the world's leading anti-virus software manufacturers, has been hacked.
Kaspersky Lab said that it had detected the breach in the "early spring", and described it as "one of the most sophisticated campaigns ever seen".

The malware does not write any files to disk, but instead resides in affected computers' memory, making it relatively hard to detect.

Kaspersky linked the attack to the unidentified creators of an earlier Trojan named Duqu, which made headlines in 2011 after being used in attacks on Iran, India, France and Ukraine.

As before, the hackers are said to have exploited Microsoft software to achieve their goal.

Last time they made use of a flaw in Word.

This time, Kaspersky said, the malware was spread using Microsoft Software Installer files, which are commonly used by IT staff to install programs on remote computers.

"This highly sophisticated attack used up to three zero-day [previously unknown] exploits, which is very impressive - the costs must have been very high," commented Costin Raiu, director of Kaspersky Lab's global research and analysis team.

He warned that the firm had evidence "Duqu 2.0" attacks had also been made on other targets, including several venues used for talks between Iran and the West about Iran's nuclear programme.
Who's behind the attack? Nobody knows for certain, but Kaspersky is a Russian company and the perps appear to be a state agency with a lot of money. And they've used Microsoft software to gain access.


Re: Starwars Attacks - Stuxnet, Duqu, Flame, Red October, Gauss

Post by digidog » Thu Jun 11, 2015 8:06 pm

Who's behind Duqu? Apparently it's not much of a secret -- it's Israel.
An ambitious attempt to spy on foreign ministers as they negotiated over Iran's nuclear programme came to light yesterday when a cyber security firm uncovered new malware called "Duqu 2".

The company which found the highly sophisticated virus, Kaspersky Lab, said that only a state could have been responsible for its development - but declined to name the country involved. However, Kaspersky disclosed enough evidence to implicate Israeli intelligence.


Re: Starwars Attacks - Stuxnet, Duqu, Flame, Red October, Gauss

Post by digidog » Wed Jun 24, 2015 11:49 pm

The Intercept reports on the NSA's continuing programme to hack most of the world's leading anti-virus software companies in their quest to track users and infiltrate networks. In particular they've targeted Kaspersky.

It's getting harder to tell the good guys from the bad guys these days.
