Stuxnet Clone 'Duqu' Possibly Preparing Power Plant Attacks
By Matt Liebowitz
Published October 18, 2011
Translation by Autumnson Blog
在伊朗布什爾南部城市外的布什爾核電站工作的伊朗技術人員。
Security researchers have detected a new Trojan, scarily similar to the infamous Stuxnet worm, which could disrupt computers controlling power plants, oil refineries and other critical infrastructure networks.
安全研究人員已經發現一種新的木馬,可怕地類似臭名昭著的Stuxnet蠕蟲病毒,它可能會破壞控制發電廠、煉油廠和其它關鍵基礎設施網絡的電腦。
The Trojan, dubbed “Duqu” by the security firm Symantec, appears, based on its code, to have been written by the same authors as the Stuxnet worm, which last July was used to cripple an Iranian nuclear-fuel processing plant.
木馬被安全公司賽門鐵克稱為“Duqu”出現,基於其代碼,已被相同的作者寫為Stuxnet蠕蟲,那去年七月被用來削弱伊朗的核燃料加工廠。
“Stuxnet source code is not out there,” wrote F-Secure cybersecurity expert Mikko Hyppönen on his firm’s blog. “Only the original authors have it. So, this new backdoor was created by the same party that created Stuxnet.”
“Stuxnet的源代碼是不公開的,”F-Secure的網絡安全專家米科在他的公司博客上寫道。 “只有原作者有,因此,這新的後門是由同一班創建Stuxnet的人所創造的。“
The original Stuxnet was specifically designed to compromise an industrial control system by manipulating the supervisory control and data acquisition (SCADA) software on which these facilities rely on for automation. Duqu may have its sights set on the same target, but it approaches from a different angle.
“Duqu shares a great deal of code with Stuxnet; however, the payload is completely different,” researchers for the security firm Symantec wrote on its Security Response blog.
Instead of directly targeting the SCADA system, Duqu gathers “intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.”
代替直接針對SCADA系統,Duqu 聚集“情報資料和來自實體的資產,例如工業控制系統製造商,以圖更容易地進行一項未來攻擊針對其他第三方。攻擊者正在尋找信息例如設計文件,可幫助他們安裝一個未來攻擊在工業控制設施上。“
“Duqu is essentially the precursor to a future Stuxnet-like attack,” the researchers added.
Symantec said whoever is behind Duqu rigged the Trojan to install another information-stealing program on targeted computers that could record users’ keystrokes and system information and transmit them, and other harvested data, to a command-and-control (C&C) server. The C&C server is still operational, Symantec said.
McAfee, another prominent security firm, has a different analysis of Duqu. Two of its researchers wrote on McAfee’s blog that Duqu is actually highly sophisticated spyware designed to steal digital certificates, which are encrypted “keys” that websites use to verify their identities. (Stolen certificates, apparently purloined by a lone Iranian hacker, have become a big issue recently.)
Neither Symantec, McAfee nor F-Secure would speculate about who’s behind Duqu, but the conventional wisdom on Stuxnet is that it was created by the intelligence services of the U.S. and Israel to knock out a uranium-refinement plant in Iran.
This new entry into the Stuxnet family comes just after the Department of Homeland Security (DHS) issued a bulletin warning that the notorious hacking group Anonymous may soon start looking to bring down or disrupt industrial control facilities. Posted yesterday (Oct. 18) to publicintelligence.net, the unclassified bulletin assesses Anonymous’ ability to compromise SCADA systems that run power plants, chemical plants, oil refineries and other industrial facilities.
Government officials did not blame Anonymous for any such hacks, and the bulletin says that based on available information, Anonymous has “a limited ability to conduct attacks” on industrial control systems.
The group’s agenda could change, however. The DHS document cites several recent actions, including Anonymous’ cyberattack on the websites and servers of biotech seed company Monsanto, as proof that Anonymous could “develop capabilities to gain access and trespass on control system networks very quickly.”
http://www.foxnews.com/scitech/2011/10/18/stuxnet-clone-found-possibly-preparing-power-plant-attacks/
匿名警告他們有Stuxnet核電廠電腦病毒的源代碼
安全專家:美國“領先部隊”在Stuxnet蠕蟲病毒的背後
德國公司涉及蠕蟲病毒:光明會遊戲卡的可能電腦蠕蟲攻擊
互聯網審查的完美風暴
沒有留言:
發佈留言