
Stuxnet Redux: Questions and Answers – F-Secure Weblog : News from the Lab

December 14, 2010

There is a lot of research going into the Stuxnet worm that infiltrated sensitive uranium enrichment plants in Iran. This worm was developed for a very specific purpose, not to steal money or information but to CREATE HAVOC IN THE URANIUM ENRICHMENT PROCESS.

Virus researchers figure that the worm has been in the wild for about a year and a half, uses 4 zero-day exploits (at a cost of $50,000 to $500,000 per exploit) and cost a total of about 10 man-years of work to develop. This was NOT the result of script kiddies working in Mom’s basement.

Here are some of the questions asked and answered:

Q: Would the Stuxnet code cause centrifuges to disintegrate into projectiles traveling at around Mach 2?
A: It’s more likely the modifications would cause the centrifuges to produce bad-quality uranium. The changes could go undetected for extended periods of time.

Q: Why is Stuxnet considered to be so complex?
A: It uses multiple vulnerabilities and drops its own driver to the system.

Q: How can it install its own driver? Shouldn’t drivers be signed for them to work in Windows?
A: Stuxnet’s driver was signed with a certificate stolen from Realtek Semiconductor Corp.

Q: How do you steal a certificate?
A: Maybe with malware looking for certificate files and using a keylogger to collect the passphrase when it’s typed in. Or breaking in and stealing the signing gear, then brute-forcing the passphrase.

Q: Has the stolen certificate been revoked?
A: Yes. VeriSign revoked it on July 16th. A modified variant signed with a certificate stolen from JMicron Technology Corp was found on July 17th.

Q: What’s the relation between Realtek and JMicron?
A: Nothing. But these companies have their HQs in the same office park in Taiwan… which is weird.

Fascinating read. Read more at:

Stuxnet Redux: Questions and Answers – F-Secure Weblog : News from the Lab.
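The Q&A above turns on one fact: a driver signed with a stolen vendor certificate loads like any legitimate driver until the certificate is revoked and the signature chain stops validating. As an added example (not from the F-Secure post or this blog), here is a PowerShell inventory of the loaded kernel drivers on a Windows host that reports each driver's Authenticode status and signer, flagging anything whose signature is no longer Valid or whose signer matches a watchlist; the watchlist names and the function name are my own choices, and an elevated Windows PowerShell 5.1+ session is assumed.

```powershell
# Added example, not part of the original post. Lists loaded kernel drivers with their
# Authenticode signature status so that drivers signed with a revoked or untrusted
# certificate (as the Stuxnet driver was, once VeriSign revoked the stolen cert) stand out.
# Assumes Windows PowerShell 5.1+ and an elevated prompt so every driver path is readable.

function Get-DriverSignatureReport {
    param(
        # Signers named in the post; constructed watchlist, adjust for your environment.
        [string[]]$WatchlistSigners = @('Realtek Semiconductor', 'JMicron Technology')
    )

    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName } |
        ForEach-Object {
            # PathName may carry a \??\ or \SystemRoot prefix; normalise it for Get-Item.
            $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
            if (-not (Test-Path -LiteralPath $path)) { return }

            # Get-AuthenticodeSignature builds and validates the signer's certificate chain.
            $sig    = Get-AuthenticodeSignature -LiteralPath $path
            $cert   = $sig.SignerCertificate
            $signer = if ($cert) { $cert.Subject } else { '<unsigned>' }

            $onWatchlist = $false
            foreach ($name in $WatchlistSigners) {
                if ($signer -like "*$name*") { $onWatchlist = $true }
            }

            [pscustomobject]@{
                Driver      = $_.Name
                State       = $_.State
                Path        = $path
                Status      = $sig.Status          # Valid, NotSigned, NotTrusted, HashMismatch, ...
                StatusMsg   = $sig.StatusMessage
                Signer      = $signer
                Thumbprint  = if ($cert) { $cert.Thumbprint } else { '' }
                Watchlisted = $onWatchlist
            }
        }
}

# Anything whose status is not Valid, or whose signer is on the watchlist, gets a closer look.
# Legitimate Realtek and JMicron drivers will appear too, so compare the thumbprint against
# the vendor's current certificate rather than treating the vendor name alone as evidence.
Get-DriverSignatureReport |
    Where-Object { $_.Status -ne 'Valid' -or $_.Watchlisted } |
    Sort-Object Status, Driver |
    Format-Table Driver, State, Status, Signer, Thumbprint -AutoSize
```

Run it periodically and diff the output against a known-good baseline; a driver that was Valid last week and is NotTrusted today is exactly the revocation signal the Q&A describes.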

  1. JPokorny
    December 17, 2010 at 10:49 am

    I believe it is accepted that telephone companies like ATT cooperate with US intelligence. So, do/will US software mfgrs cooperate with the US gov’t to intentionally open back doors in software to support US cyber warfare?

    • Ody
      December 17, 2010 at 10:55 am

      This opens up a Pandora’s box – if that backdoor access is ever discovered and RoC or EU finds out a software vendor aided and abetted the US in allowing that back door, you can bet their sales in those countries would plummet. Will companies be willing to allow that?
