20 gennaio 2011

Stuxnet not such a masterpiece after all? - The H Security: News and Features

Stuxnet Logo Some security specialists are now questioning whether Stuxnet is really as much of a masterpiece of malware programming as it has been made out to be. Although it combines a lot of knowledge from a range of disciplines, they believe that the implementation was sloppy. Security web site Threatpost, for example, cites security specialist Tom Parker. Parker believes that the worm's command and control mechanism was poorly implemented, since it sent data traffic in unencrypted form. He also points out that the worm spread via the web, which resulted in uncontrolled infection of systems other than the actual target.

Parker believes that a range of groups must have worked on the worm, and that a highly talented group must have programmed the exploits and the code for modifying control systems. A less talented group may then have added the functionality for getting the malware to its target. The quality of the Stuxnet code is reported to be low and it is said to omit modern methods for hiding on infected systems and preventing analysis by anti-virus vendors.

Security specialist Nate Lawson expresses similar views . Although Stuxnet includes some obfuscation techniques and installs a rootkit, Lawson notes that this does not make it any different from any other recent worm. Contrary to a recent report by the New York Times, Lawson even expresses the hope that the US was not involved in writing the worm. He adds that he hopes that digital weaponry developers have a little more up their sleeves than tricks used by Bulgarian teenagers to disguise viruses back in the '90s.

Parker and Lawson both come to the conclusion that the worm's authors probably just did not have enough time to improve the code and its obfuscation. However, many of the comments on Lawson's blog express the view that Stuxnet simply did not have any need for sophisticated camouflage techniques and point out that it took anti-virus specialists Siemens, and SCADA experts, months to discover and understand Stuxnet even without these mechanisms.

See also:

(crve)

Nessun commento: