[CloneRanger]

@ EP_X0FF

Very good links and info :) I hadn't read that before now.

swirl Gave a nice link to Langer which linked to here - http://www.upi.com/News_Photos/Features ... an/1581/2/ - It quite clearly shows SCADA software with an error seen on a computer screen of the Bushehr nuclear power plant = Licence Expired

Here's Seimens official hit page etc - http://support.automation.siemens.com/W ... aller=view

The plot thickens.

[swirl]

swirl Gave a nice link to Langer which linked to here - http://www.upi.com/News_Photos/Features ... an/1581/2/ - It quite clearly shows SCADA software with an error seen on a computer screen of the Bushehr nuclear power plant = Licence Expired

about that image, some nice comments here: http://www.hackerfactor.com/blog/index. ... Nukes.html
but yes, if that is the current state of their computer system stuxnet was not necessary :D

[CloneRanger]

@ swirl

About that image

Good find :)

I see what you mean about it being in English, and the water etc treatment info, but i suppose it's possible. Anyway we do know for a fact that Iran has had SCADA systems infected, to what degree though i doubt we'll find out. Unless they choose to use the illegal infiltration to their advantage, and announce to the world who did it and why etc ;)

Here's some info from Siemens on how to use WinCC

Notes on using the Remote software on WinCC stations:

* Unlike PCS 7, the pcAnywhere software is not supplied withWinCC.
* The Host version of pcAnywhere must be installed on a WinCC station if that WinCC station is to be remote controlled by another PC station with pcAnywhere.
* The other PC station that remote controls the WinCC station needs the Remote version of pcAnywhere for remote control. For this you need the full version of pcAnywhere.
If you wish to use the full version of pcAnywhere from Symantec, then you have to procure the software.
* The full version of pcAnywhere is not released on WinCC systems.

As from WinCC V6.2, the "Microsoft Windows NetMeeting" software is released for Remote Service access and Remote Operation.

Isn't that asking for trouble ?

Notes on using virus scanners on WinCC stations:

* Disable the integrated firewall of the virus scanners or do not install the firewall.
* Do not run manual or time-controlled scans during Runtime mode.
* In the case of automatic scanning, only monitor the incoming data traffic.
* Scan only local drives.
* Enable e-mail scanning only on WinCC Engineering Stations.
* Disable display of dialog messages.

http://support.automation.siemens.com/W ... reeLang=en

Some of those instructions don't look like good advice either !

[EP_X0FF]

Offtopic political post removed. Please concentrate on technical side of the topic, not demagogy.

[Evilcry]

and it's important to mention the fact that SCADA is highly spreaded, BP Oil for example:

http://www.btsecurethinking.com/2010/06 ... -controls/
http://webcache.googleusercontent.com/s ... =firefox-a

[sww]

http://www.symantec.com/connect/blogs/e ... on-process

[CloneRanger]

@ sww

Thanks for the link :)

Here's some more details

*

Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner

*

So far, Stuxnet has infected at least 45,000 industrial control systems around the world

http://news.yahoo.com/s/csm/327178

Strange ! Seimens says only 15

Latest news on the infected computers:
To date, we know of 15 systems infected worldwide

http://support.automation.siemens.com/W ... aller=view

Stuxnet logbook, Sep 21 2010, 1200 hours MESZ

Ralph's analysis, part 2

http://www.langner.com/en/index.htm

It's getting hotter !

[__Genius__]

Yes, actually eveything almost is obvious, the main target was iran and stuxnet successfully did it's mission done .
Also, I've seen lots of computers that are non-related to government and SCADA have been infected with stuxnet in our country (iran) .
So, it's the start of cyber war between Israel, USA & maybe targeted iran ... .
Actually, there's no problem with writing an Anti-Stuxnet, but according to Ralph's analysis it's a one-shot cyber weapon .
hmmm, I don't know what exactly our government still thinking about it, but actually there's no reliable solution available by our countrie's joking security companies ... .
I'm busy right now but in a proper time I'm hope to look at this malware, it's perfect :) .

btw, I don't know what's going on in our shit security companies (still I'm believe most of them are lol companies ... )

[swirl]

two more links from reddit:

http://www.eset.com/resources/white-pap ... oscope.pdf

and

http://frank.geekheim.de/?p=1189

about this last one, I don't think this kinds of attacks are a prerogative of states. Now this in
particular seems to point to a state ok, but what you really need is money and then you can find
some.. "professional(s)" to take care of the rest :twisted:

[Brookit]

Candidate for the malware with most surprises:
http://www.symantec.com/connect/blogs/s ... nerability

Lets see whats next...