Stuxnet Malware Analysis (stuxnet)

Post on 16-Apr-2017


History

The worm was first identified by the security company VirusBlokAda in mid-June 2010.

Journalist Brian Krebs's blog posting on 15 July 2010 was the first widely read report on the worm.

The original name given by VirusBlokAda was "Rootkit.Tmphider"; Symantec, however, called it "W32.Temphid", later changing to "W32.Stuxnet".

16 January 2011

7 July 2013

5MBStuXnet

Design and organization

Stuxnet is typically introduced to the target environment via an infected USB flash drive.

%DriveLetter%\~WTR4132.tmp

%DriveLetter%\~WTR4141.tmp

%DriveLetter%\Copy of Shortcut to.lnk

%DriveLetter%\Copy of Copy of Shortcut to.lnk

%DriveLetter%\Copy of Copy of Copy of Shortcut to.lnk

%DriveLetter%\Copy of Copy of Copy of Copy of Shortcut to.lnk

LNK CVE-2010-2568

DD

MDD

Nigilant32

KnTDD

Memoryze

Volatility

Trojan Dropper Win32/Stuxnet

Trojan:WinNT/Stuxnet.A

Trojan:WinNT/Stuxnet.B

807 - 1210

14102

1064

Microsoft

Microsoft Windows 2000

Windows 95

Windows 98

Windows Me

Windows NT

Windows Server 2003

Windows Vista

Windows XP

Operating systems vulnerable

Target

Vacon, based in Finland

Fararo Paya, based in Iran

PLC-BLASTER

References

Mohammad Reza Foshtanghi

Stuxnet Malware Analysis

Islamic Azad University of Sabzevar

1395/1/28
