All Eyes On Stuxnet At Annual Virus Researcher Summit

Researchers will reveal new details about the Stuxnet virus at the annual Virus Bulletin Conference in Vancouver this week.

The world will know more about the mysterious Stuxnet virus by week’s end, after top virus researchers reveal the findings of their post-mortem on Stuxnet at the annual Virus Bulletin Conference.


Researchers from Microsoft, Kaspersky Lab and Symantec are scheduled to reveal more than has been previously known about the mysterious virus, which was first identified in July and has been spreading steadily around the world, targeting industrial control systems manufactured by Siemens. 

In a joint presentation at the annual gathering, researchers from Microsoft and Kaspersky Lab will discuss the findings of a joint analysis of the Stuxnet virus, detailing how the virus leveraged unpatched and, for the most part, unknown holes in Microsoft’s Windows operating system to infect and spread over computer networks.

Among the most pressing questions that experts would like to answer are the origin of the virus, its exact purpose and how it was able to spread between the protected and isolated infrastructures of some of the world’s top nuclear facilities. That will be the subject of a separate presentation by Liam O Murchu of Symantec, one of a handful of researchers credited with discovering Stuxnet’s use of a vulnerability in the Windows Print Spooler Service to compromise and spread between networked Windows systems.

In his presentation, O Murchu has promised to delve into Stuxnet’s more remarkable characteristics: its ability to identify, compromise and control industrial control systems used by power plants and nuclear facilities. O Murchu will reveal details of his analysis of the worm’s unique Trojan component affecting programmable logic controllers and provide insight into the origins of Stuxnet and its intended purpose.

Recent weeks have brought a string of sensational revelations about Stuxnet that have stoked speculation in security and political circles. Analysts long suspected that the virus, one of the most sophisticated threats ever to be publicly disclosed, was designed with a specific target or targets in mind and had nation-state backing. Subsequent analysis of outbreak data from Symantec in recent weeks turned the spotlight on Iran as a likely target and state-sponsored hackers working for the U.S. or Israeli army as likely sources for Stuxnet, which may have been written to quietly disable nuclear enrichment facilities in Iran – an assertion reinforced by industrial control experts and not disputed by the intelligence community.

However, each week has also brought new revelations that cloud the Stuxnet picture at just the moment it seems to be coming into focus. Researchers at both Kaspersky and Symantec have publicly questioned the consensus that Iran’s nuclear facilities were Stuxnet’s clear target, citing infection data from India and other countries that rivals that of Iran. 

O Murchu also noted that the Print Spooler Service hole that he and researchers from Kaspersky Lab independently discovered and reported to Microsoft’s Security Response Center had been publicly revealed almost a year earlier in the pages of the Polish hacking magazine Hackin9. O Murchu also revealed on a Symantec blog that the Windows shortcut file (LNK) vulnerability that Stuxnet used to jump from portable media devices to Windows systems was a late addition to the virus. Earlier versions of the worm had, instead, exploited the Windows AutoRun feature to infect Windows systems. That suggests that Stuxnet may have been spreading in the wild for much longer than researchers had previously believed, muddying the picture still more.

The most sought-after information concerns the three as-yet unpatched Windows vulnerabilities used by Stuxnet. Attendees at Virus Bulletin will be looking for any details about those holes or about other Stuxnet capabilities that are as yet unknown.

Discussion

  • Anonymous on

    Hi,

    I have an inflammation and infection too hard, I cannot see anything in the light and a little light. It starts with me like a little pain on the bottom of the upper eyelid, and a lot of tears, next I can't open my eyes from tears and pain, up to weak light bothers and hurts my eyes and leaves an inability to open in one eye, and after 2 days another eye, and it switches every time left, right, etc.

    I went to an eye doctor but he told me this is infection and inflammation, but I don't know why, my eyes being good till now. In a month I already put like 9 eye drops, cortisone and antibiotic, but still so sick like every time, and everything in my eye is good, and the last eye drop is Quixin.

    Please help me, I want to know what happened in my eyes, is this a virus or just infection, and what kind of virus?

    Thank you so much,

    sylvia beshay

     
