Tornado Alley (PROG)

[fuagf]

Microsoft reveals Stuxnet worm exploits multiple zero days
Microsoft revealed that four additional zero days are used by the Stuxnet worm, and two remain unpatched.

* Tony Bradley (PC World (US online))
* 16 September, 2010 03:03

Microsoft released nine new security bulletins-- .. http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx .. four with an overall rating of Critical this week for the September Patch Tuesday. The big news of the month, though, is the Stuxnet worm. Microsoft revealed that four additional zero day flaws are exploited by the worm, and two of those four remain unpatched.

The Stuxnet worm made headlines .. http://www.pcworld.com/businesscenter/article/202353/microsoft_rushes_unscheduled_patch_for_shortcut_flaw.html .. earlier this year when it was discovered to be used in sophisticated attacks against SCADA [Insert: .. http://en.wikipedia.org/wiki/SCADA ..] networks. Microsoft released an out-of-band update (MS10-046) to address the Windows shortcut flaw that enabled the malware to execute simply by displaying icons, but the worm apparently had some additional tricks up its sleeve. .. continued .. http://www.computerworld.com.au/article/360843/microsoft_reveals_stuxnet_worm_exploits_multiple_zero_days/
..................................
Stuxnet worm rampaging through Iran: IT official
September 27, 2010

The Stuxnet worm is mutating and wreaking further havoc on computerised industrial equipment in Iran where about 30,000 IP addresses have already been infected, IRNA news agency reported on Monday.

"The attack is still ongoing and new versions of this virus are spreading," Hamid Alipour, deputy head of Iran's Information Technology Company, was quoted as saying by IRNA, Iran's official news agency.

Stuxnet, which was publicly identified in June, was tailored for Siemens supervisory control and data acquisition, or SCADA, systems commonly used to manage water supplies, oil rigs, power plants and other industrial facilities.

The self-replicating malware has been found lurking on Siemens systems mostly in India, Indonesia and Pakistan, but the heaviest infiltration appears to be in Iran, according to researchers.

The hackers, who enjoyed "huge investments" from a series of foreign countries or organisations, designed the worm to exploit five different security vulnerabilities, Alipour said while insisting that Stuxnet was not a "normal" worm.

He said his company had begun the cleanup process at Iran's "sensitive centres and organisations," the report said.

Analysts say Stuxnet may have been designed to target Iran's nuclear facilities. But Iranian officials have denied the Islamic republic's first nuclear plant at Bushehr was among the addresses penetrated by the worm.

"This virus has not caused any damage to the main systems of the Bushehr power plant," Bushehr project manager Mahmoud Jafari said on Sunday.

He, however, added the worm had infected some "personal computers of the plant's personnel."

Alipour, whose company is tasked with planning and developing networks in Iran, said personal computers were also being targeted by the malware.

"Although the main objective of the Stuxnet virus is to destroy industrial systems, its threat to home computer users is serious," Alipour said.

The worm is able to recognise a specific facility's control network and then destroy it, according to German computer security researcher Ralph Langner, who has been analysing the malicious software.

Langner said he suspected Stuxnet was targeting Bushehr nuclear power plant, where unspecified problems have been blamed for delays in getting the facility fully operational.

Iran's nuclear ambitions are at the heart of a conflict between Tehran and the West, which suspects the Islamic republic is seeking to develop atomic weapons under the cover of a civilian drive.

Tehran denies the allegation and has pressed on with its enrichment programme -- the most controversial aspect of its nuclear activities -- despite four sets of UN Security Council sanctions.
http://news.smh.com.au/breaking-news-technology/stuxnet-worm-rampaging-through-iran-it-official-20100927-15u4l.html