Monday, February 14, 2011

Virus disclosed: Stuxnet code in the wild

The computer worm Stuxnet, with which the Iranian nuclear program was sabotaged, is now available as source code. The program had been found in compiled form in e-mails stolen from an American IT company, reports the website Crowdleaks. We converted part of the program into a readable form in order to verify its authenticity.

The 16 files were published on the portal and then on the code platform GitHub. In early February the hacker group Anonymous stole about 60,000 e-mails from the U.S. firm HBGary and made them freely available as a torrent file. The company specializes in defending against cyber attacks and works for the U.S. government.


After the company had targeted Anonymous and apparently identified some backers of the activist group, the hackers struck back, stole data and took over the Twitter account of the company president. Crowdleaks has now found a Stuxnet version in an e-mail sent to company president Aaron Barr by the anti-virus software company McAfee.

The site also published several e-mails showing that within HBGary people were evidently thinking about using Stuxnet for their own purposes. At least that is what Crowdleaks claims. The corresponding e-mails do in any case sound quite excited: CEO Barr swears his staff to secrecy, telling them not to lose a word about the company's Stuxnet-related work.

Meanwhile, other HBGary staff were planning a so-called rootkit, a collection of tools for taking over other computers. IT security experts had already had access to Stuxnet before this, and they did not have a good word to say about the program. The code contains some basic mistakes, says one developer: the worm communicates without encryption and spreads via the Internet, which is not exactly inconspicuous.

No camouflage mechanisms are used, which makes decompilation simple. In short: "Awkward, not surprising." A programmer hired by Crowdleaks to analyze the code came to a similar conclusion: "It looks as if a child painted a picture with finger paint." The code was not written by a hacker; it looked more like the work of a professional engineering team.

Most of the routines used are known; only the four attack methods are remarkable. The experts now believe that the Stuxnet worm was programmed by two different teams: the attack routines possibly by hackers, the surrounding code by a second team of less experienced software developers.

The unnamed programmer told Crowdleaks that it was probably a commercial commissioned work. The malicious program was discovered in July 2010. The software was obviously designed with great effort to sabotage Iran's uranium enrichment technology in a very subtle way, which apparently succeeded in a big way.
