Since last year, became the talk of the world Stuxnet threats and the analysis and computer security vendor. Dangerous because its action through a computer security system platform SCADA (Supervisory Control And Data Acquisition) made by the company Siemens, a system that is used to infrastructure and manufacturing industries.
Based on the statistics until the end of September 2010, Iran became the biggest target of attacks by percentage of 52.2 percent, followed by Indonesia 17.4 percent, and India 11.3 percent. This also sparked allegations that Stuxnet designed to attack Iran in particular and the industrial infrastructure such as nuclear power plants, and others.
But, do not be careless because actually Stuxnet also threaten ordinary computer network and that is no less dangerous. Be careful especially for you users of Windows Vista and Windows 7. Stuxnet proved able to bypass the UAC (User Access Control) in Windows so that makes it su and able to infect these two operating systems.
Stuxnet Vaksincom first discovered, the security solutions provider in Indonesia, in mid-June 2010, it was not attacking SCADA Stuxnet. Attacks carried out attacks aimed at Windows machines inflate the victim so hard the entire computer hard drives of any size have, if infected with this virus will run out of places aka Low Disk Space.
Besides causing Low Disk Space, Stuxnet also turn off Print Sharing, make a crash program to internal applications, to make the computer become hang and network connection is lost.
Crazy again, in carrying out its action Stuxnet exploiting five Windows vulnerabilities, including the ability to bypass the protection of UAC (User Access Control), which was heralded as a new protection that can block new viruses, so that in fact the Windows Vista and Windows 7 be vulnerable to attacks this.
Take advantage of Windows Gap
Remember Conficker you with a worm that attacks at the end of 2008? And to this day still has not exhausted its spread throughout the world. This worm is able to "embarrass" Microsoft, because it has been able to infect nearly all Windows platforms with just attacking vulnerabilities of the Windows Server Service / RPC (MS08-067).
And what about the worm Stuxnet? Worm Stuxnet very clearly is one of the worm that attacked the operating system from Microsoft and as well as Conficker worm also affects nearly all Windows platforms (both corporate and individual / individual). So, regardless or not a company or individual to use or not use the SCADA system will still get the attack and the effect of the worm Stuxnet. Amazingly, not only Stuxnet worms exploit RPC vulnerabilities like Conficker but also attacked the four vulnerability of Windows to another.
Some of the security hole exploited by the worm was able to Stuxnet is as follows:
· Windows Server Service / RPC (MS08-067) With the same technique as worms Conficker, utilizing the Windows system that is not easily update the worm will infect your computer.
· Windows Shell Icon Handler / LNK (MS10-046) Stuxnet is one of the worms that exploit this vulnerability. Taking advantage of a shortcut file, the worm infects the computer with ease.
· Windows Print Spooler / Spoolsv (MS10-061) Many of the cases that occurred under observation Vaksincom computer into trouble with the Print Server or a shared printer. And it turns out, the worm also exploits the Print Spooler Stuxnet in action.
· Windows Win32K Layout Module (MS10-073) One of the new crack of Windows that had passed by Stuxnet. By utilizing and injektion w32k.sys file, the worm Stuxnet have administrator privileges and can easily infect a computer even if "heralded" have additional protection against virus attacks or more immune to viruses.
Gap · Windows Task Scheduler is used to penetrate the new system from Windows Vista and Windows 7 is the UAC (User Account Control). By creating a schedule task for files easily infect your computer. (The bad news, at the time this article was made this gap has not provided a patch from Microsoft). by: kompas (Vaksincom)
Based on the statistics until the end of September 2010, Iran became the biggest target of attacks by percentage of 52.2 percent, followed by Indonesia 17.4 percent, and India 11.3 percent. This also sparked allegations that Stuxnet designed to attack Iran in particular and the industrial infrastructure such as nuclear power plants, and others.
But, do not be careless because actually Stuxnet also threaten ordinary computer network and that is no less dangerous. Be careful especially for you users of Windows Vista and Windows 7. Stuxnet proved able to bypass the UAC (User Access Control) in Windows so that makes it su and able to infect these two operating systems.
Stuxnet Vaksincom first discovered, the security solutions provider in Indonesia, in mid-June 2010, it was not attacking SCADA Stuxnet. Attacks carried out attacks aimed at Windows machines inflate the victim so hard the entire computer hard drives of any size have, if infected with this virus will run out of places aka Low Disk Space.
Besides causing Low Disk Space, Stuxnet also turn off Print Sharing, make a crash program to internal applications, to make the computer become hang and network connection is lost.
Crazy again, in carrying out its action Stuxnet exploiting five Windows vulnerabilities, including the ability to bypass the protection of UAC (User Access Control), which was heralded as a new protection that can block new viruses, so that in fact the Windows Vista and Windows 7 be vulnerable to attacks this.
Take advantage of Windows Gap
Remember Conficker you with a worm that attacks at the end of 2008? And to this day still has not exhausted its spread throughout the world. This worm is able to "embarrass" Microsoft, because it has been able to infect nearly all Windows platforms with just attacking vulnerabilities of the Windows Server Service / RPC (MS08-067).
And what about the worm Stuxnet? Worm Stuxnet very clearly is one of the worm that attacked the operating system from Microsoft and as well as Conficker worm also affects nearly all Windows platforms (both corporate and individual / individual). So, regardless or not a company or individual to use or not use the SCADA system will still get the attack and the effect of the worm Stuxnet. Amazingly, not only Stuxnet worms exploit RPC vulnerabilities like Conficker but also attacked the four vulnerability of Windows to another.
Some of the security hole exploited by the worm was able to Stuxnet is as follows:
· Windows Server Service / RPC (MS08-067) With the same technique as worms Conficker, utilizing the Windows system that is not easily update the worm will infect your computer.
· Windows Shell Icon Handler / LNK (MS10-046) Stuxnet is one of the worms that exploit this vulnerability. Taking advantage of a shortcut file, the worm infects the computer with ease.
· Windows Print Spooler / Spoolsv (MS10-061) Many of the cases that occurred under observation Vaksincom computer into trouble with the Print Server or a shared printer. And it turns out, the worm also exploits the Print Spooler Stuxnet in action.
· Windows Win32K Layout Module (MS10-073) One of the new crack of Windows that had passed by Stuxnet. By utilizing and injektion w32k.sys file, the worm Stuxnet have administrator privileges and can easily infect a computer even if "heralded" have additional protection against virus attacks or more immune to viruses.
Gap · Windows Task Scheduler is used to penetrate the new system from Windows Vista and Windows 7 is the UAC (User Account Control). By creating a schedule task for files easily infect your computer. (The bad news, at the time this article was made this gap has not provided a patch from Microsoft). by: kompas (Vaksincom)
