Stuxnet Worm’s New Cyberattack Reported By Iran Media
An Iranian semi-official news agency says there has been another cyberattack by the sophisticated computer worm Stuxnet, this time on the industries in the country’s south.
Tuesday’s report by ISNA quotes provincial civil defense chief Ali Akbar Akhavan as saying the virus targeted a power plant and some other industries in Hormozgan province in recent months.
Akhavan says Iranian computer experts were able to “successfully stop” the worm.
Iran has repeatedly claimed to have defused cyber worms and malware, including the Stuxnet and Flame viruses that targeted the vital oil sector, which provides 80 percent of the country’s foreign revenue.
Tehran has said both worms are part of a secret U.S.-Israeli program that seeks to destabilize Iran’s nuclear program.
The West suspects Iran is pursuing a nuclear weapons program, a charge Tehran denies.
(via pablo-jose-666)
The Failure of Anti-Virus Companies to Catch Military Malware
June 19, 2012
Mikko Hypponen of F-Secure attempts to explain why anti-virus companies didn’t catch Stuxnet, DuQu, and Flame:
[…]
His conclusion is simply that the attackers — in this case military intelligence agencies — are simply better than commercial-grade anti-virus programs.
[…]
I don’t buy this. It isn’t just the military that tests their malware against commercial defense products; criminals do it, too. Virus and worm writers do it. Spam writers do it. This is the never-ending arms race between attacker and defender, and it’s been going on for decades. Probably the people who wrote Flame had a larger budget than a large-scale criminal organization, but their evasive techniques weren’t magically better. Note that F-Secure and others had samples of Flame; they just didn’t do anything about them.
I think the difference has more to do with the ways in which these military malware programs spread. That is, slowly and stealthily. It was never a priority to understand — and then write signatures to detect — the Flame samples because they were never considered a problem. Maybe they were classified as a one-off. Or as an anomaly. I don’t know, but it seems clear that conventional non-military malware writers that want to evade detection should adopt the propagation techniques of Flame, Stuxnet, and DuQu.
Schneier on Security: The Failure of Anti-Virus Companies to Catch Military Malware
Flame and Stuxnet devs shared zero day exploits: Team worked together as US, Israel quibble for credit
11 Jun 2012 16:22 | by Beendare Seendat
Kaspersky’s security labs have discovered that the Flame and Stuxnet worms, which were designed to tear apart critical IT infrastructure in regimes opposed to US interests, cooperated at least once in the early stages of their development.
An Obama administration spokesperson recently confirmed to the New York Times’ David Sanger - who has a book coming out - that it was behind the Stuxnet worm, which laid ruin to Iran’s nuclear enrichment facilities. Rather than an expose, the story appeared just in time for the critical run-up to the 2012 presidential elections, where Obama and the Democrats seem to be going for the Republican vote. Mitt Romney, the Republican candidate, has claimed Obama has been too soft in his foreign policy.
Now, Kaspersky’s in-depth research proves Flame and Stuxnet were, in fact, related. Whether they were separated brothers or distant cousins, it suggests that they originate from the same or similar sources, in the early stages.
[…]
Obama administration sped up cyberattacks on #Iran after #Stuxnet disclosure
04 June 2012
The Obama administration accelerated cyberattacks against Iranian fuel processing facilities after public disclosure of the US-Israeli developed Stuxnet worm, says the New York Times.
The US government – under both the Bush and Obama administrations – and the Israeli government were engaged in a program for years to develop cyberweapons targeting Iran’s nuclear facilities, a program that led to the development and deployment of the Stuxnet worm, according to a report by the New York Times.
Citing anonymous US, Israeli, and European government officials who participated in the program, the newspaper said the Obama administration accelerated the cyberattacks against the Iranian facilities after the Stuxnet worm was accidentally disclosed to the public in 2010.
The accelerated Stuxnet attacks took out nearly 1,000 of the 5,000 centrifuges Iran was using to process fuel for its nuclear reactors, according to the report. This figure corresponds to one arrived at by an independent study issued by the Institute for Science and International Security in 2010.
[…]
Infosecurity: Obama administration sped up cyberattacks on Iran after Stuxnet disclosure
Note: Separate from the issue of nuclear energy or not, this is economic warfare, it is based on fear, and it might just create what it thinks it is avoiding, just like the drone attacks in Yemen, Pakistan and Afghanistan.
Flame malware, from genesis to the plot theory | Security Affairs
May 30th, 2012
In this article I want to discuss many personal doubts and beliefs regarding the Flame malware, first my idea that we are facing a new powerful cyber weapon.
In the same hours the Iranian Computer Emergency Response Team Coordination Center Lab, CrySyS Lab and Kaspersky Lab have published news regarding the new malware that has been detected and that has hit mainly Windows systems in the Middle East area, specifically Iran.
This first information lets me think that behind the development of what has been defined as a “very sophisticated cyber weapon” there is Israel or a Western country.
Moshe Ya’alon, Israel’s vice premier, rejects every accusation, defining as speculation the news that indicates Israel as responsible. But this is a story already seen in the Stuxnet case: all was denied, while intelligence and military experts have reported that Stuxnet was tested at the Dimona nuclear complex in Israel in a joint U.S.-Israeli effort to undermine the Iranian program.
[…]
Flame malware, from genesis to the plot theory | Security Affairs
‘Flame’ Virus explained: How it works and who’s behind it
May 29, 2012
Flame may be the most powerful computer virus in history, and a nation-state is most likely to blame for unleashing it on the World Wide Web. Kaspersky’s chief malware expert Vitaly Kamlyuk shared with RT the ins and outs of Stuxnet on steroids.
Iran appears to be the primary target of the data-snatching virus that has swept through the Middle East, though other countries have also been affected. The sheer complexity of the virus and its targets has led Moscow-based Kaspersky Lab to believe a state is behind the attack.
Kaspersky first spotted the virus in 2010, though it may have been wreaking havoc on computer systems for many years. Vitaly Kamlyuk told RT how his company discovered it, just what makes Flame so significant, features of the virus that could point towards its creator, and why we all lose out in this intensifying cyber-war. […]
Interview with Kaspersky: ‘Flame’ Virus explained: How it works and who’s behind it
#Stuxnet was planted by #Israeli backed terrorists: #US #spooks spill the beans
13 Apr 2012 08:29 | by Nick Farrell
The Stuxnet virus that put back Iran’s nuclear program by some years was planted by an Israeli backed terrorist group.
A member of the Mujahedeen-e-Khalq (MEK) used a corrupt memory stick, US intelligence officials said.
It is these same Israeli proxies who have been bumping off Iran’s nuclear scientists, these sources said.
Vince Cannistraro, former head of the CIA’s Counterterrorism unit, was quoted in IS Source as saying that the MEK is being used as the assassination arm of Israel’s Mossad intelligence service.
The dissidents have a functioning, effective network inside Iran and they have access to officials in the nuclear program.
The MEK was founded in the 1970s; the group was stridently anti-Shah and allied itself with the dictatorship of Iraq’s Saddam Hussein. It helped him kill domestic opponents and massacre Iraqi Shias and Kurds in the 1991 uprising.
In France, they conducted killings in Paris, including six or seven US Army sergeants. He added the French “were terrified of them.”
A saboteur at the Natanz nuclear facility, who was a member of an Iranian dissident group, used a memory stick to infect the machines there. Once the memory stick was infected, the virus was able to infiltrate the network and take over the system. US officials said they believe the infection commenced when the user simply clicked on the associated icon in Windows. Several reports pointed out this was a direct application of one of the zero-day vulnerabilities Stuxnet used.
TechEye.net: Stuxnet was planted by Israeli backed terrorists: US spooks spill the beans

