Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sam Skalicky Biru Cui.  Discovery  Architecture  Evaluation  Conclusion.

Similar presentations


Presentation on theme: "Sam Skalicky Biru Cui.  Discovery  Architecture  Evaluation  Conclusion."— Presentation transcript:

1 Sam Skalicky Biru Cui

2  Discovery  Architecture  Evaluation  Conclusion

3  VirusBlokAda  Zero-day  Microsoft  Stuxnet <=.stub + MrxNet.sys  Symantec

4  Organization  Installation  Propagation  Target & Process

5  Organization  Exports  Resources  Configuration

6  Installation  E 15: environment scan, escalation  E 16: copy, hide, autorun (certificate)

7  Propagation  WinCC SQL  P2P RPC  Printer spooler  Removable disk .lnk, ~WTR4141.tmp, ~WTR4132.tmp  Autorun.inf

8  Target  Step 7 (E2/E14)  PLC  Data Blocks (DB)  System Data Blocks (SDB)  Organization Blocks (OB)  Function Blocks (FC)

9  Process  Broker  FC: RECV  OB1/OB35

10  Process  Profibus ID  CP  Frequency converter

11  Process  1.41kHz 1.064kHz 2Hz

12  Complex  code size  propagation methods  zero-day exploit  certificate steal  specific target Step/PLC/FC

13  Where

14  What

15  Very small risk to the majority of users  Worm was target so specifically  Modifying large spinning motors to fail  Shorting out  Overheat  Disengage from their mounting  Consumes disk space (500KB)  New type of worm detected

16  W32.Duqu, a new beginning?

17  [1] “Frequently Asked Questions on Virus-L/comp.virus.” Internet: Oct. 9, 1995 [Jan. 7, 2012].http://www.faqs.org/faqs/computer-virus/faq/  [2] “MS10-061: Printer Spooler Vulnerability.” Internet: printer-spooler-vulnerability.aspx, Sept. 14, 2010 [Jan. 7, 2012] printer-spooler-vulnerability.aspx  [3] Nicolas Falliere, Liam O Murchu, and Eric Chien, “W32.Stuxnet” Synmatec, November  [4] K. Zetter, “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History,” Internet: detectives-deciphered-stuxnet/all/1, July 11, detectives-deciphered-stuxnet/all/1


Download ppt "Sam Skalicky Biru Cui.  Discovery  Architecture  Evaluation  Conclusion."

Similar presentations


Ads by Google