I think most of the people who have interest in hacking they've heard about Stuxnet.If not its Ok, It is a windows based virus targeting Siemens’ SCADA software and have capability to reprogramme according to the situation.According to the Wiki it was first discovered in june 2010 by VirusBlokAda, a security firm based in Belarus. it is also work as a rootkit to conceal its presence.
It is not possible to design a this type of virus without any government support because it is about 500kb in size. it has many new features which haven't seen before and stolen two security certificate from Realtek and Jmicron.
I've search a lot to find signature information of Stuxnet virus but haven't find yet because most of the popular Antivirus companies are reading the code and they r trying to find signature. I found some very important information regarding Stuxnet that how can we safe our computer from Stuxnet.
I m giving the url where i found this information
http://gretonger.blogspot.com/2010/08/tips-cleaning-stuxnet-virus-hardisk.html
1. Using Dr. Web CureIt , u can download from FreeDrWeb.com
2. Registry Fix
[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, SuperHidden,0x00010001,1
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt,0x00010001,0
HKLM, SOFTWARE\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1""
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
[del]
HKLM, SYSTEM\CurrentControlSet\Services\MRxCls
HKLM, SYSTEM\CurrentControlSet\Services\MRxNet
HKLM, SYSTEM\ControlSet001\Services\MRxCls
HKLM, SYSTEM\ControlSet002\Services\MRxNet
HKLM, SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_MRXClS
HKLM, SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_MRXNET
HKLM, SYSTEM\ControlSet001\Services\Enum\Root\LEGACY_MRXClS
HKLM, SYSTEM\ControlSet002\Services\Enum\Root\LEGACY_MRXNET
save as 'repair.inf'. Use the Save as type option to Text Document in order to avoid mistakes. Then, right click the file 'repair.inf', select 'Install' and restart the computer.
"Clean up temporary files, this in order to prevent the rest of the trojan is trying to become active again. Use tools such as ATF Cleaner or use the features of Windows that is the Disk Clean-Up," wrote Adi.
3. Emergency Solutions
In addition, the following is a script that can be used in emergencies to prevent re-infecting Winsta not. Save the following script with the name Winsta.bat (file type: Text)
@echo off
del /f c:\windows\system32\winsta.exe
rem rd c:\windows\system32\winsta.exe
md c:\windows\system32\winsta.exe
del /f c:\windows\system32\drivers\mrxnet.sys
rem rd c:\windows\system32\drivers\mrxnet.sys
md c:\windows\system32\drivers\mrxnet.sys
del /f c:\windows\system32\drivers\mrxcls.sys
rem rd c:\windows\system32\drivers\mrxcls.sys
md c:\windows\system32\drivers\mrxcls.sys
attrib +r +h +s c:\windows\system32\winsta.exe
attrib +r +h +s c:\windows\system32\drivers\mrxnet.sys
attrib +r +h +s c:\windows\system32\drivers\mrxnet.sys
Once completed, double-click the resulting file Winsta.bat. For optimal cleaning and prevent re-infection, re-use antivirus software that scans an updated and properly recognize this virus.
Most of the Nuclear center of Iran are infected by the Stuxnet because they were using Simens hardware in their center and Indian Inset also use this Siemens hardware but according to ISRO chief we are in safe because we are using own software for Siemens tools.After the reading Stuxnet code many researcher are saying that behind all this there is only one nation Israel, because lots of words which are used in code like MYRTUS are Hebrew and they also don't like Iran Nuclear program. Now we are able to make own operating system to secure our research program.I think now we should work in this area because hackers are now targeting to crack the ISRO,BARC sytem to steal sensitive information we can't believe on others OS and at last I want to say please check your Huawei modem and its firmware program, u cant believe , there might be a loopholes......
No comments:
Post a Comment