Thread: stuxnet

  1. #1
    PEACE WILL WIN abalfazl's Avatar

    stuxnet

    Stuxnet.A creates the following files:

    * MRXCLS.SYS and MRXNET.SYS, in the folder drivers of the Windows system directory. These files belong to the malware detected as Rootkit/TmpHider. These files have the digital signatures of certain companies, which have been supposedly stolen from them. The aim is to pass themselves as legitimate files.
    http://www.pandasecurity.com/homeuse...tion/Stuxnet.A

    Please explain more about bold files
    I shall build a boat,I shall cast it in the water,
    I shall sail away from this strange earth,
    Where no one awaken the heroes in the wood of love
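
A defender-side check for the two driver files named in the post above, added here as an example (it is not part of the original post or of the Panda write-up). The function name `Get-DriverIndicator` and its parameters are made up for this example; only the two file names and the drivers folder come from the post.

```powershell
# File names and folder are taken from the post; everything else is this example's assumption.
$IndicatorNames = 'mrxcls.sys', 'mrxnet.sys'
$DefaultDrivers = Join-Path $env:SystemRoot 'System32\drivers'

function Get-DriverIndicator {
    param(
        # Folder to inspect; defaults to the live system's drivers folder.
        [string]$Directory = $DefaultDrivers,
        [string[]]$FileNames = $IndicatorNames
    )
    foreach ($name in $FileNames) {
        $path = Join-Path $Directory $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            # Report absent files too, so the output always has one row per indicator.
            [pscustomobject]@{
                File = $name; Present = $false; SignatureStatus = $null
                Signer = $null; CertNotAfter = $null; SHA256 = $null
            }
            continue
        }
        # Read the Authenticode signature and the certificate that produced it.
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $cert = $sig.SignerCertificate
        [pscustomobject]@{
            File            = $name
            Present         = $true
            SignatureStatus = $sig.Status
            Signer          = if ($cert) { $cert.Subject } else { $null }
            CertNotAfter    = if ($cert) { $cert.NotAfter } else { $null }
            # Hash for comparison against a vendor advisory or a known-good baseline.
            SHA256          = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

Get-DriverIndicator | Format-List
```

A `Valid` signature status does not clear a file, since the post says the signatures are supposedly stolen ones; the presence of either file name is what warrants a closer look. Pass `-Directory` the drivers folder of a mounted offline image to inspect a disk without booting it.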

  2. #2

  3. #3
    SitePoint Member
    Also, Stuxnet is just for attacking some industrial systems, not home or office systems. And its main targets were Iranian factories or industries, and Chinese ones. Don't worry, it won't do anything on any home or office PC, unless they are in the specific target list of Stuxnet.

  4. #4
    PEACE WILL WIN abalfazl's Avatar
    Stuxnet.A creates several random mutexes, in order to ensure that only a copy of the worm is active at any moment.
    If it wants to make sure only one Stuxnet is running, then it must create a mutex for every computer. What does it mean by several random mutexes?

    Which resource is locked by this mutex?

  5. #5
    PEACE WILL WIN abalfazl's Avatar
    May someone guide me

  6. #6
    secure webapps for all Aleksejs's Avatar
    Basically, it means that this virus creates multiple values (files/registry entries) that it checks to see if that system is already infected and by which version of the virus.

  7. #7
    PEACE WILL WIN abalfazl's Avatar
    The Department of Homeland Security (DHS) and a team at the national lab have reverse-engineered and decoded Stuxnet
    http://news.yahoo.com/s/csm/20101118/ts_csm/344234
    May someone explain about how to decode stuxnet?

  8. #8
    SitePoint Member
    It is possible to reverse engineer pretty much any program; however, it's a complex business. And you would need some knowledge at least of shellcoding and assembly.

    There is a dossier available on Stuxnet, I read it a few weeks back, it was made by Symantec and is about 60 pages long but it is a good read.


    All the best,

    Mark

  9. #9
    PEACE WILL WIN abalfazl's Avatar
    Is there anyone to explain how to decode Stuxnet? May you explain more about how to decode it? Is it by assembly?

  10. #10
    secure webapps for all Aleksejs's Avatar
    Stuxnet is one of the most advanced pieces of malware known to the general public. It is made by highly skilled developers with the aim to make reverse engineering it very difficult, even for people who possess the necessary skills and resources. And yet you wish to reverse engineer it yourself... Google for disassembly, malware forensics. Look through giac.org / sans.org certification materials and whitepapers on software forensics. Or, to get the picture, try figuring out the exact algorithm of the tracert.exe utility that comes with Windows.

