Stuxnet Malware Analysis
TRANSCRIPT
History
The worm was first identified by the security company VirusBlokAda in mid-June 2010.
Journalist Brian Krebs's blog posting on 15 July 2010 was the first widely read report on the worm.
The original name given by VirusBlokAda was "Rootkit.Tmphider"; Symantec, however, called it "W32.Temphid", later changing it to "W32.Stuxnet".
16 January 2011
7 July 2013
5MBStuXnet
Design and organization
Stuxnet is typically introduced to the target environment via an infected USB flash drive.
%DriveLetter%\~WTR4132.tmp
%DriveLetter%\~WTR4141.tmp
%DriveLetter%\Copy of Shortcut to.lnk
%DriveLetter%\Copy of Copy of Shortcut to.lnk
%DriveLetter%\Copy of Copy of Copy of Shortcut to.lnk
%DriveLetter%\Copy of Copy of Copy of Copy of Shortcut to.lnk
LNK CVE-2010-2568
DD
MDD
Nigilant32
KnTDD
Memoryze
Volatility
Trojan Dropper Win32/Stuxnet
Trojan:WinNT/Stuxnet.A
Trojan:WinNT/Stuxnet.B
807 - 1210
14102
1064
Microsoft
Microsoft Windows 2000
Windows 95
Windows 98
Windows Me
Windows NT
Windows Server 2003
Windows Vista
Windows XP
Operating systems
vulnerable
Target
Vacon, based in Finland
Fararo Paya, based in Iran
PLC-BLASTER
References
Mohammad Reza Foshtanghi
Stuxnet Malware Analysis
Islamic Azad University of Sabzevar
1395/1/28