Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Stuxnet Variant Origins May Stretch Back to 2005, Symantec Says

    By
    Brian Prince
    -
    February 28, 2013
    Share
    Facebook
    Twitter
    Linkedin

      Researchers at Symantec have uncovered another phase in the evolution of Stuxnet, an early variant of the malware that may have been developed as early as 2005.

      In the more than two years that has passed since Stuxnet was discovered during the summer of 2010, the malware’s complexity and goal of causing damage in the physical world has led to multiple efforts to peel back all of the layers of Stuxnet’s existence. But while it was previously believed to have first appeared in 2009, Symantec researchers have uncovered an older variant that they have traced back to years before.

      Dubbed Stuxnet version 0.5, the variant was submitted to a public malware scanning service during 2007, but may have been in operation as early as 2005, according to Symantec. This particular version is designed to stop compromising computers on July 4, 2009, and to stop communicating with its command and control (C&C) servers on Jan. 11, 2009. It replicates through the infection of Siemens Step 7 project files and does not exploit any Microsoft vulnerabilities as later versions did.

      “When Symantec first disclosed details about how Stuxnet affected the programmable logic controllers (PLCs) used for uranium enrichment in Natanz, Iran, we documented two attack strategies,” according to Symantec’s Security Response Team. “We also noted that the one targeting 417 PLC devices was disabled. We have now obtained an earlier version of Stuxnet that contains the fully operational 417 PLC device attack code.”

      “After painstaking analysis, we can now confirm that the 417 PLC device attack code modifies the state of the valves used to feed UF6 (uranium hexafluoride gas) into the uranium enrichment centrifuges,” according to Symantec. “The attack essentially closes the valves causing disruption to the flow and possibly destruction of the centrifuges and related systems.”

      The code also takes snapshots of the normal running state of the system and replays normal operating values during an attack to hide what is going on. It also prevents modification to the valve states in case the operator tries to make any changes to the settings during an attack.

      “By closing almost all valves except the initial feed stage valves, UF6 will continue to flow into the system,” Symantec found. “This act alone may cause damage to the centrifuges themselves. However, the attack expects the pressure to reach five times the normal operating pressure. At this pressure, significant damage to the uranium enrichment system could occur and the UF6 gas could even revert to a solid.”

      According to Vikram Thakur, security response manager at Symantec, researchers have now seen four variants of Stuxnet, which is widely believed to have been created by the United States and Israel in a secret project code-named “Olympic Games.”

      Unlike other versions, Stuxnet 0.5 is partly based on the Flamer (Flame) platform. The other known versions were based primarily on the Tilded platform, and the developers actually re-implemented the Flamer platform components using Tilded.

      “There are at least a couple of theories about why the platform was changed from Flamer to Tilded,” Thakur said. “First, the Stuxnet project may have been assigned to a different set of developers prompting the change. Alternatively, it may be that the team decided to revamp the code completely after some attack instances in order to reduce the longevity of malcode for fear of it being detected.”

      “Until recently we only knew that the Stuxnet developers had access to the resources of Flamer,” Thakur said. “However, the recent developments we released this week confirmed our suspicions that the Stuxnet and Flamer developers are indeed related. They’re either part of the same team of developers, or they’re part of separate teams, but operating within the same organization.”

      Brian Prince

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×