In association with heise online

24 September 2010, 11:03

Vulnerability exploited by Stuxnet discovered more than a year ago.

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

One of the vulnerabilities exploited by the Stuxnet worm was apparently not all that new. The printer spooler vulnerability was described in an article in the April 2009 edition of hakin9, a Polish publication that is fairly well known in hacking circles. The article, by security specialist Carsten Köhler, was entitled "Print your Shell". Köhler also published a demo exploit for the vulnerability.

Microsoft fixed a vulnerability in the printer spooler last patch day and stated that Stuxnet was exploiting the vulnerability to spread across networks. Microsoft has also confirmed that the vulnerability in question was indeed that described by Köhler. It is not clear why the vulnerability was ignored for so long. After analysing the Stuxnet worm, Kaspersky and Symantec had stated that the vulnerability was new.

Symantec has published a highly detailed analysis of how Stuxnet manipulates MC7 code in specific Programmable Logic Controller (PLC) modules. Due to the complexity of the worm, many security specialists believe it to be the work of state-sponsored hackers or a state secret service. We may, however, never know which state was involved or what the worm's target was. The most popular speculation is that it was an attack by Mossad, the Israeli secret service, on the Bushehr nuclear power station in Iran. Certain strings in the worm's files are reported to give clues to the identity of the author – though in view of the professionalism with which Stuxnet has been developed it would be no surprise if this proved to be a false trail.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit