A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #2802  by CloneRanger
 Sun Sep 19, 2010 6:26 pm
@ EP_X0FF

Very good links and info :) I hadn't read that before now.

swirl gave a nice link to Langer which linked to here - http://www.upi.com/News_Photos/Features ... an/1581/2/ - It quite clearly shows SCADA software with an error seen on a computer screen of the Bushehr nuclear power plant = Licence Expired :P

Here's Siemens' official hit page etc - http://support.automation.siemens.com/W ... aller=view

The plot thickens.
 #2803  by swirl
 Sun Sep 19, 2010 9:30 pm
CloneRanger wrote: swirl gave a nice link to Langer which linked to here - http://www.upi.com/News_Photos/Features ... an/1581/2/ - It quite clearly shows SCADA software with an error seen on a computer screen of the Bushehr nuclear power plant = Licence Expired :P

About that image, some nice comments here: http://www.hackerfactor.com/blog/index. ... Nukes.html
But yes, if that is the current state of their computer system, Stuxnet was not necessary :D
 #2804  by CloneRanger
 Mon Sep 20, 2010 2:51 am
@ swirl

About that image

Good find :)

I see what you mean about it being in English, and the water etc treatment info, but I suppose it's possible. Anyway, we do know for a fact that Iran has had SCADA systems infected; to what degree, though, I doubt we'll find out. Unless they choose to use the illegal infiltration to their advantage, and announce to the world who did it and why etc ;)

Here's some info from Siemens on how to use WinCC:

Notes on using the Remote software on WinCC stations:

* Unlike PCS 7, the pcAnywhere software is not supplied with WinCC.
* The Host version of pcAnywhere must be installed on a WinCC station if that WinCC station is to be remote controlled by another PC station with pcAnywhere.
* The other PC station that remote controls the WinCC station needs the Remote version of pcAnywhere for remote control. For this you need the full version of pcAnywhere.
If you wish to use the full version of pcAnywhere from Symantec, then you have to procure the software.
* The full version of pcAnywhere is not released on WinCC systems.

As from WinCC V6.2, the "Microsoft Windows NetMeeting" software is released for Remote Service access and Remote Operation.

Isn't that asking for trouble?

Notes on using virus scanners on WinCC stations:

* Disable the integrated firewall of the virus scanners or do not install the firewall.
* Do not run manual or time-controlled scans during Runtime mode.
* In the case of automatic scanning, only monitor the incoming data traffic.
* Scan only local drives.
* Enable e-mail scanning only on WinCC Engineering Stations.
* Disable display of dialog messages.
http://support.automation.siemens.com/W ... reeLang=en

Some of those instructions don't look like good advice either!
 #2805  by EP_X0FF
 Mon Sep 20, 2010 6:45 am
Off-topic political post removed. Please concentrate on the technical side of the topic, not demagogy.
 #2839  by CloneRanger
 Wed Sep 22, 2010 2:37 pm
@ sww

Thanks for the link :)

Here's some more details

* "Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner

* So far, Stuxnet has infected at least 45,000 industrial control systems around the world

http://news.yahoo.com/s/csm/327178
Strange! Siemens says only 15 :P
Latest news on the infected computers:
To date, we know of 15 systems infected worldwide

http://support.automation.siemens.com/W ... aller=view
Stuxnet logbook, Sep 21 2010, 1200 hours MESZ

Ralph's analysis, part 2

http://www.langner.com/en/index.htm
It's getting hotter!
 #2841  by __Genius__
 Wed Sep 22, 2010 6:13 pm
Yes, actually almost everything is obvious: the main target was Iran and Stuxnet successfully got its mission done.
Also, I've seen lots of computers that are not related to government and SCADA that have been infected with Stuxnet in our country (Iran).
So, it's the start of cyber war between Israel, USA & maybe targeted Iran ...
Actually, there's no problem with writing an Anti-Stuxnet, but according to Ralph's analysis it's a one-shot cyber weapon.
Hmmm, I don't know what exactly our government is still thinking about it, but actually there's no reliable solution available by our country's joking security companies ...
I'm busy right now, but at a proper time I hope to look at this malware, it's perfect :)

btw, I don't know what's going on in our shit security companies (I still believe most of them are lol companies ...)