OK, so the Conficker worm was smart and scary (though it ultimately appeared to fizzle; there is still speculation that it was a proof-of-concept). It looks like Stuxnet might be scarier, in its own way.
Stuxnet makes use of two compromised digital certificates and four known zero-day Windows vulnerabilities; it selectively uses a fifth vulnerability (the same one exploited by Conficker) on its target systems, where that vulnerability is likely to be unpatched; it can infect a system running any version of Windows from a USB stick upon insertion, with no additional user action required whatsoever; it limits the number of systems it infects, to try to avoid attracting attention; it specifically looks for SCADA systems to take over; and it knows how to reprogram SCADA systems. The term "cyber missile" is being used to describe it. It appears to be incredibly specifically targeted: it "fingerprints" systems that it infects in order to identify its target, looking for specific code in specific locations on specific programmable logic controllers, but there are no clear indications whether it has found its target yet. It leaves systems that have the wrong "fingerprint" alone and doesn't interfere with them. There is apparently speculation that (a) it's too sophisticated to be an "amateur" effort, (b) it's possibly targeted at Iran's Bushehr nuclear reactor, and (c) it may have already done its work — as Bushehr did not come online in August as it was supposed to, which Iran has explained away as "hot weather". (Hot weather preventing a facility in Iran from coming online? That sounds a bit like a ship not being launched on schedule because the ocean was wet.)
Links: Computerworld, Christian Science Monitor, a second CSM article, NetworkWorld, and Knowledge Brings Fear (blog; the author thinks it is targeted at Iran's uranium-enrichment centrifuges rather than at Bushehr itself, and cites Wikileaks and the BBC for supporting evidence).
(via bruce_schneier_feed)