The Story Behind the Stuxnet Virus

A government-produced worm that may be aimed at an Iranian nuclear plant? Of course it's made headlines.

Bruce Schneier
Forbes commentary, 10.07.10

Computer security experts are often surprised at which stories get picked up by the mainstream media. Sometimes it makes no sense. Why this particular data breach, vulnerability, or worm and not others? Sometimes it's obvious. In the case of Stuxnet, there's a great story.

As the story goes, the Stuxnet worm was designed and released by a government - the U.S. and Israel are the most common suspects - specifically to attack the Bushehr nuclear power plant in Iran. How could anyone not report that? It combines computer attacks, nuclear power, spy agencies and a country that's a pariah to much of the world. The only problem with the story is that it's almost entirely speculation.

Here's what we do know: Stuxnet is an Internet worm that infects Windows computers. It primarily spreads via USB sticks, which allows it to get into computers and networks not normally connected to the Internet. Once inside a network, it uses a variety of mechanisms to propagate to other machines within that network and gain privilege once it has infected those machines. These mechanisms include both known and patched vulnerabilities, and four "zero-day exploits": vulnerabilities that were unknown and unpatched when the worm was released. (All the infection vulnerabilities have since been patched.)

Stuxnet doesn't actually do anything on those infected Windows computers, because they're not the real target. What Stuxnet looks for is a particular model of Programmable Logic Controller (PLC) made by Siemens (the press often refers to these as SCADA systems, which is technically incorrect). These are small embedded industrial control systems that run all sorts of automated processes: on factory floors, in chemical plants, in oil refineries, at pipelines - and, yes, in nuclear power plants. These PLCs are often controlled by computers, and Stuxnet looks for Siemens SIMATIC WinCC/Step 7 controller software.

If it doesn't find one, it does nothing. If it does, it infects it using yet another unknown and unpatched vulnerability, this one in the controller software. Then it reads and changes particular bits of data in the controlled PLCs. It's impossible to predict the effects of this without knowing what the PLC is doing and how it is programmed, and that programming can be unique based on the application. But the changes are very specific, leading many to believe that Stuxnet is targeting a specific PLC, or a specific group of PLCs, performing a specific function in a specific location - and that Stuxnet's authors knew exactly what they were targeting.

It's already infected more than 50,000 Windows computers, and Siemens has reported 14 infected control systems, many in Germany. (These numbers were certainly out of date as soon as I typed them.) We don't know of any physical damage Stuxnet has caused, although there are rumors that it was responsible for the failure of India's INSAT-4B satellite in July. We believe that it did infect the Bushehr plant.

Stuxnet was first discovered in late June, although there's speculation that it was released a year earlier. As worms go, it's very complex and got more complex over time. In addition to the multiple vulnerabilities that it exploits, it installs its own driver into Windows. These have to be signed, of course, but Stuxnet used a stolen legitimate certificate. Interestingly, the stolen certificate was revoked on July 16, and a Stuxnet variant with a different stolen certificate was discovered on July 17.

Over time the attackers swapped out modules that didn't work and replaced them with new ones - perhaps as Stuxnet made its way to its intended target. Those certificates first appeared in January. USB propagation, in March.

Stuxnet has two ways to update itself. It checks back to two control servers, one in Malaysia and the other in Denmark, but also uses a peer-to-peer update system: When two Stuxnet infections encounter each other, they compare versions and make sure they both have the most recent one. It also has a "kill date" of June 24, 2012. On that date, the worm will stop spreading and delete itself.

We don't know who wrote Stuxnet. We don't know why. We don't know what the target is, or if Stuxnet reached it. But you can see why there is so much speculation that it was created by a government.

Stuxnet doesn't act like a criminal worm. It doesn't spread indiscriminately. It doesn't steal credit card information or account login credentials. It doesn't herd infected computers into a botnet. It uses multiple zero-day vulnerabilities. A criminal group would be smarter to create different worm variants and use one in each. Stuxnet performs sabotage. It doesn't threaten sabotage, like a criminal organization intent on extortion might.

Stuxnet was expensive to create. Estimates are that it took 8 to 10 people six months to write. There's also the lab setup - surely any organization that goes to all this trouble would test the thing before releasing it - and the intelligence gathering to know exactly how to target it. Additionally, zero-day exploits are valuable. They're hard to find, and they can only be used once. Whoever wrote Stuxnet was willing to spend a lot of money to ensure that whatever job it was intended to do would be done.

Stuxnet also sets a registry value of "19790509" to alert new copies of Stuxnet that the computer has already been infected. It's rather obviously a date, but instead of looking at the gazillion things - large and small - that happened on that date, the story insists it refers to the date Persian Jew Habib Elghanian was executed in Tehran for spying for Israel.

Sure, these markers could point to Israel as the author. On the other hand, Stuxnet's authors were uncommonly thorough about not leaving clues in their code; the markers could have been deliberately planted by someone who wanted to frame Israel. Or they could have been deliberately planted by Israel, who wanted us to think they were planted by someone who wanted to frame Israel. Once you start walking down this road, it's impossible to know when to stop.

Another number found in Stuxnet is 0xDEADF007. Perhaps that means "Dead Fool" or "Dead Foot," a term that refers to an airplane engine failure. Perhaps this means Stuxnet is trying to cause the targeted system to fail. Or perhaps not. Still, a targeted worm designed to cause a specific sabotage seems to be the most likely explanation.

If that's the case, why is Stuxnet so sloppily targeted? Why doesn't Stuxnet erase itself when it realizes it's not in the targeted network? When it infects a network via USB stick, it's supposed to only spread to three additional computers and to erase itself after 21 days - but it doesn't do that. A mistake in programming, or a feature in the code not enabled? Maybe we're not supposed to reverse engineer the target. By allowing Stuxnet to spread globally, its authors committed collateral damage worldwide. From a foreign policy perspective, that seems dumb. But maybe Stuxnet's authors didn't care.

My guess is that Stuxnet's authors, and its target, will forever remain a mystery.

Bruce Schneier is a security technologist and the chief security technology officer of computer security firm BT. Read more of his writing.

Related stories
- Stuxnet Speculation Fuels Crackdown by Iranian Intelligence
- British Nuclear Power Plant Goes Dark. Stuxnet Worm to Blame?
- Reality Check: Is Stuxnet's Iran Connection the New Iraqi WMD?
- You Never Hear the Cyber Bullet That Kills You
- Theories Mount That Stuxnet Worm Sabotaged Iranian Nuke Facilities

Reader comments

To most (if not all) of the world outside the US, the date string (if it is a date) 19790509 depicts 5 September 1979 - not 9 May 1979. This is somewhat telling in its own right. Although 19790509 ...
Posted by vancem | 10/08/10 09:08 AM EDT

I keep asking this question about Myrtus, which is also the gamer tag of someone who held pole position on the leaderboard of a free combat game called Rumble Fighter for a really long time. Isn't i ...
Posted by lissnup | 10/07/10 05:39 PM EDT

I would speculate that maybe someone in Microsoft also got involved? The reason I say that is that Microsoft Security Essentials purposely modifies file permissions. In our lab testing, if you open a ...
Posted by myview | 10/07/10 11:48 AM EDT

My View of Love at University

1. What is love at university: University is a relatively relaxed environment where time is free and at one's own disposal, and for exactly that reason it is the most fertile soil for cultivating the flower of love. Dating among university students has always been a hot topic on campus, and romance and studies have naturally become the two main issues students face during their time at school. A romantic relationship that is handled well, correctly and healthily, can become a catalyst for study and career, making a person study hard and raising their grades; a relationship that is handled improperly and unhealthily may scatter one's energy, waste time, cause mood swings and lower grades. University students' view of love must therefore be founded on health, and establishing a correct view of love is very necessary. So I will discuss my own view of love at university from the following aspects.

2. What is healthy love: 1) respecting the other person, not showing possessiveness in love, not putting love first, and not being excessively infatuated; 2) understanding the other person, caring for, supporting and encouraging each other, and taking the other's happiness as one's own satisfaction; 3) coming together on the premise that each remains independent.

3. What is unhealthy love: 1) dating blindly and neglecting one's studies; 2) being overly infatuated and constantly demanding that the other person express feelings of love, a kind of love that often has a morbid exaggeration; 3) lacking consideration and tenderness, and showing only one's own strong possessiveness; 4) placing too much weight on the pursuit of appearance.

4. University students need to think three times about how the two of them handle love:

1) It should not affect studies: Dating at university can be called a necessary experience, while study is the basic and main task of university, and the relationship between the two is intricate. Some students, because of love, neglect their studies too much and put feelings first. When studying, study seriously and do not think about matters of love; when dating, put your heart into it, and you can also talk about your studies, encourage each other and make progress together.

2) Having enough energy: University life can be very busy, but it can also be relatively relaxed! Students who date must allocate their energy sensibly. While busy studying they must not be distracted by matters of the heart, and during study periods they must not give up studying to pursue a relationship; they should keep their energy in reasonable balance and divide it well between study and feelings.

3) Having reasonable time: Time at university can be divided into study time and personal time, and it is very important to keep a sensible "measure" between the two. When studying, one must not give study time over to arranging things for the couple to do together; study should come first. In personal time, the two can date, put their hearts into it, and also talk about their studies, encourage each other and make progress together.

5. University students need to know and understand love, which mainly involves the following aspects: (1) Being clear about a student's main task. "Whoever abandons time will be abandoned by time." The university years are a period for absorbing knowledge and developing one's abilities. As contemporary university students, we must recognize that our present task is to learn: to learn how to conduct ourselves, to learn knowledge, and to learn the skills of serving the people. Students at school should concentrate their energy and throw themselves into study and social practice, and