Wednesday, 27 February 2013
The Stuxnet Malworm Missing Link: Version 0.5 Predates Prior Disclosures

Symantec, the computer anti-virus software firm, has found ‘in the wild’ code for an earlier version of the Stuxnet malworm that indicates a launch in 2005. They call it Version 0.5; it predates Version 1.0, which was reported in 2009. The Stuxnet malworm attacked the Siemens SCADA operating systems that controlled the timing of the release of hexafluoride gas to centrifuges at the Natanz enrichment facility in Iran. Further, Symantec indicated in a White Paper released this week that elements of the Stuxnet malworm version 0.5 may be based on the Flame espionage software system. We noted in a May 2012 post on Flame that Israeli Minister for Strategic Affairs Moshe Ya’alon had suggested that Israel’s much vaunted Unit 8200 may have been behind Flame. We also suggested that Flame could have been the platform for Stuxnet, Duqu and other variants. The Symantec revelations about a 2005 date raise the possibility that Flame and Stuxnet might have been a cooperative US-Israeli effort that began under the Bush Administration.

Israel Hayom reported on the comments of both Symantec researchers and Dr. David Albright, former UN nuclear inspector and head of the Washington, DC-based Institute for Science and International Security:

Symantec researchers said on Tuesday they had uncovered a piece of code, which they called "Stuxnet 0.5," among the thousands of versions of the virus they recovered from infected machines.

They found evidence that Stuxnet 0.5 was in development as early as 2005, when Iran was still setting up its uranium enrichment facility, and the virus was deployed in 2007; the same year the Natanz facility went online.

"It is really mind-blowing that they were thinking about creating a project like that in 2005," Symantec researcher Liam O'Murchu told Reuters.

Security experts who reviewed Symantec's 18-page report on Stuxnet 0.5 said it showed the cyber weapon was already powerful enough to cripple output at Natanz as far back as six years ago.

"This attack could have damaged many centrifuges without destroying so many that the plant operator would have become suspicious," said a report by the Institute for Science and International Security, which is led by former U.N. weapons inspector David Albright and closely monitors Iran's nuclear program.

Although it is unclear what damage Stuxnet 0.5 might have caused, Symantec said it had been designed to attack the Natanz facility by opening and closing valves that feed uranium hexafluoride gas into centrifuges, without the knowledge of the operators of the facility.

Symantec noted in its findings how Stuxnet evolved from Flame and interacted with Siemens SCADA operating controls software:

In July 2010, Stuxnet, one of the most sophisticated pieces of malware ever written, was discovered in the wild. This complex malware took many months to analyze and the eventual payload significantly raised the bar in terms of cyber threat capability. Stuxnet proved that malicious programs executing in the cyber world could successfully impact critical national infrastructure. The earliest known variant of Stuxnet was version 1.001 created in 2009. That is, until now.

Symantec Security Response has recently analyzed a sample of Stuxnet that predates version 1.001. Analysis of this code reveals the latest discovery to be version 0.5 and that it was in operation between 2007 and 2009 with indications that it, or even earlier variants of it, were in operation as early as 2005.

Key discoveries found while analyzing Stuxnet 0.5:

  • Oldest variant of Stuxnet ever found
  • Built using the Flamer platform
  • Spreads by infecting Step 7 projects including on USB keys
  • Stops spreading on July 4, 2009 
  • Does not contain any Microsoft exploits
  • Has a full working payload against Siemens 417 PLCs that was incomplete in Stuxnet 1.x versions

As with version 1.x, Stuxnet 0.5 is a complicated and sophisticated piece of malware requiring a similar level of skill and effort to produce.

Despite the age of the threat and kill date, Symantec sensors have still detected a small number of dormant infections (Stuxnet 0.5 files found within Step 7 project files) worldwide over the past year.

Watch this Symantec video on the discovery of Version 0.5 and chronology of the Stuxnet malworm:

Posted on 02/27/2013 10:02 AM by Jerry Gordon