STUXNET ….DUQU….FLAME…..?
                   Santosh Khadsare
“Now we’re living in the era of cyber
weapons. The world is different. Not just
cyber hooligans, vandals. Not just criminals.
But governments are in the game and I’m
afraid for the worst, I’m still expecting, cyber
terrorism.”
               Eugene Kaspersky, CEO of Kaspersky Lab
Stuxnet….Duqu….Flame
• Stuxnet is a computer worm discovered in June
  2010. Stuxnet initially spreads via Microsoft
  Windows, and targets Siemens industrial software
  and equipment. While it is not the first time that
  hackers have targeted industrial systems, it is the
  first discovered malware that spies on and
  subverts industrial systems, and the first to include
  a programmable logic controller (PLC) rootkit.

• Duqu is a computer worm discovered on 1
  September 2011, thought to be related to the
  Stuxnet worm. The main component used in Duqu
  is designed to capture information such as
Stuxnet….Duqu….Flame
• Flame, like Duqu, is designed to steal
  different databases. A completely new
  thing that Flame can be used for is audio
  spying. Flame detects and recognizes a
  microphone on the infected computer,
  turns the microphone on and then records
  every conversation taking place in this
  room. Recorded data is immediately
  transferred to the server from which the
  virus began to spread.
Stuxnet

• Spread on Microsoft Windows
• Developed June 2009
• Spreading began late 2009/early 2010
• Discovered in July 2010
  o Microsoft out-of-band patch released
    August 2010 - .lnk exploit
  o More patches with the September 'Patch
    Tuesday' - print spooler exploit
• Around half a megabyte
• C, C++, and other object-oriented languages
What the news says it was

• Iranian centrifuge destroyer!
   o Its one goal was to destroy the Iranian
     nuclear program
• Developed by the United States and Israel
• Contributed to the Gulf oil leak
• 'Mission: Impossible'-like virus
• It will kill your unborn children
   o Assuming they are born in a hospital using
     PLC machines
How it did it
• USB drive for initial infection, then spread on network
• .lnk file exploit
   o As soon as the shortcut is displayed, exploit is run
• Windows vulnerabilities
   o EoP (escalation of privilege)
       ▪ Task scheduler
   o MS08-067 (Conficker) - Already patched!!!! (but not on these
     systems)
   o Print spooler exploit
   o Used at least 4 previously undiscovered vulnerabilities

• Searched for WinCC and PCS 7 SCADA management
  programs
   o Tried default Siemens passwords to gain access
   o If access is granted, PLC software could be
     reprogrammed
• Used stolen signed digital certificates
How it did it (cont.)
• Installed an RPC* server
• Self-updating
   o Machines check on other machines running Stuxnet and do a version check
   o Newer versions automatically push their version onto the other machines
   o Older versions automatically request newer version to be pushed
       ▪ If central server goes down, updates still spread

*RPC: Remote Procedure Call
Links
• Stuxnet was the first cyber-weapon targeting
  industrial facilities. The fact that Stuxnet also
  infected regular PCs worldwide led to its
  discovery in June 2010, although the earliest
  known version of the malicious program was
  created one year before that.
• The next example of a cyber-weapon, now known
  as Duqu, was found in September 2011. Unlike
  Stuxnet, the main task of the Duqu Trojan was to
  serve as a backdoor to the infected system and
  steal private information (cyber-espionage).
• During the analysis of Duqu, strong similarities
Senior Virus Analyst
Alexander Gostev
A Russian computer security company (Kaspersky
Lab) detected a new spyware program called
Flame.
The Find……..Flame
• In April 2012, several computers of the National
  Iranian Oil Company, as well as several Iranian
  ministries, were infected by an unknown
  virus. This case was just a single link in a chain
  of cyber attacks during which viruses
  like Stuxnet and Duqu were used.
• The International Telecommunication Union
  (ITU) asked Kaspersky Lab to analyze the
  situation. They were searching for a virus called
  Wiper, but found something more terrible instead
  – Flame.
The Find……..Flame
• The “Resource 207” module is an encrypted
  DLL file and it contains an executable file that’s
  the size of 351,768 bytes with the name
  “atmpsvcn.ocx”. This particular file, as it is now
  revealed by Kaspersky Lab’s investigation, has a
  lot in common with the code used in Flame.
• The list of striking resemblances includes the
  names of mutually exclusive objects, the
  algorithm used to decrypt strings, and similar
  approaches to file naming.
• More than that, most sections of code appear to
  be identical or similar in the respective Stuxnet
  and Flame modules, which leads to the
• Kaspersky Lab discovered that a module from the
  early-2009 version of Stuxnet, known as
  “Resource 207,” was actually a Flame plugin.
• This means that when the Stuxnet worm was
  created in the beginning of 2009, the Flame
  platform already existed, and that in 2009, the
  source code of at least one module of Flame was
  used in Stuxnet.
• This module was used to spread the infection via
  USB drives. The code of the USB drive infection
  mechanism is identical in Flame and Stuxnet.
• The Flame module in Stuxnet also exploited a
  vulnerability which was unknown at the time
  and which enabled escalation of privileges,
  presumably MS09-025. Subsequently, the
  Flame plugin module was removed from
  Stuxnet in 2010 and replaced by several
  different modules that utilized new
  vulnerabilities.
Flame: The sophisticated virus has been used to spy on computer systems
Daily Mail…..15 Jun 2012

• Both Flame and Stuxnet are believed to have
  been used by the U.S. government to wage
  online warfare against hostile regimes.
Washington Post ..17 Jun 2012
• The recent disclosure that Stuxnet was approved by both Presidents
  George W. Bush and Obama as a covert operation aimed at Iran sheds new
  light on a nascent U.S. offensive cyberweapons program that has largely
  existed in the shadows. Instead of forcing cyberweapons into deeper
  secrecy, the disclosure should prompt a more open and thorough policy
  debate about 21st-century threats and how they will be countered with
  American power.

• The virus, codenamed Olympic Games, was passed from President Bush to
  President Obama. Obama knew about each attack made against the
  Iranian nuclear program, deciding this was a good alternative to a physical
  war.
• This is just the beginning……………
