For those who don't know, the Stuxnet worm was the first computer worm to specifically target SCADA (Supervisory Control and Data Acquisition) systems and the first known worm to install a rootkit on a PLC (Programmable Logic Controller). It is widely regarded as the most sophisticated piece of computer malware to date. Experts worry that this source code could be studied by attackers to create similarly sophisticated attacks.
For a more in-depth look at what Stuxnet is, I suggest reading the Wikipedia entry or watching this YouTube video by Symantec demonstrating what Stuxnet does to a PLC.
The decompiled source code can be found here, and for more news and updates on the source code follow @stuxnetsource.
I link to the source because I believe knowledge is for everyone, and the more people who can study these types of malware the better off we all are, because the more widespread the knowledge, the less powerful it becomes.
But, with the mass amounts of idiots around, the source could also be used as a prank, or just out of simple curiosity. Sure, more information on the problem leads towards a solution, but beforehand it might all go downhill.
Great information.
Hmm..
And now Anonymous has the source code... Oops
The "source" is just a dumped disassembly showing nothing to no one.
The Stuxnet source would contain the original, commented C or C++ files and the Step 7 project (or the resources, where the data modules and function blocks are stored).
Do you think it would be real source code or just generated by IDA?
The source is not the original source code, but disassembled code from IDA, Olly, or a similar program. This is still useful to reverse engineer to find the exploit code used and identifying artifacts of either the family of malware or, best case, the authors.
This code is in assembly, so it's more difficult to decipher, and it often comes packed (obscured in some way so the real assembly code can't be read by investigators). There are programs that attempt to decompile the malware into C code, but this is generally ugly code that isn't very readable.
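An added example, not part of the post or of any comment above: before trusting a disassembly dump, a reverse engineer usually checks whether the binary is packed, the obstacle the last comment describes. A packed or encrypted section looks like random data, so per-section Shannon entropy is a standard first triage step. The script below uses only the Python standard library to walk a PE section table and flag high-entropy sections. The executable it analyses is constructed inside the script and is not Stuxnet or any real binary; the section name UPX1 and the 7.0 bits/byte threshold are illustrative assumptions, not facts from the page.

```python
"""Entropy triage of PE sections: a quick check for packed or encrypted code
before opening a dump in IDA or OllyDbg.  Uses only the standard library."""
import math
import random
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, from 0.0 (constant) up to 8.0 (uniform random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(blob: bytes):
    """Walk the section table of a PE image and return [(name, raw_bytes), ...].

    Offsets follow the PE/COFF layout: e_lfanew at 0x3C, a 20-byte COFF header
    after the "PE\\0\\0" signature, then 40-byte section headers after the
    optional header.
    """
    if blob[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", blob, coff + 2)[0]   # NumberOfSections
    size_opt = struct.unpack_from("<H", blob, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + size_opt
    sections = []
    for i in range(num_sections):
        hdr = table + 40 * i
        name = blob[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, hdr + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, blob[raw_ptr:raw_ptr + raw_size]))
    return sections


def triage(blob: bytes, threshold: float = 7.0):
    """Flag sections whose entropy is high enough to suggest packing or encryption.

    7.0 bits/byte is a rule-of-thumb threshold (an assumption for this example):
    plain compiled code normally sits well below it, compressed or encrypted
    payloads close to 8.
    """
    out = []
    for name, data in pe_sections(blob):
        h = shannon_entropy(data)
        out.append({"name": name, "size": len(data), "entropy": h,
                    "packed": h > threshold})
    return out


def build_sample_pe(sections):
    """Assemble a minimal PE skeleton (headers + raw sections) for testing.

    Constructed for this example only: it is not loadable, just well-formed
    enough for pe_sections() to parse.
    """
    opt = bytes(0xE0)                      # empty PE32 optional header
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    raw_ptr = 64 + 4 + 20 + len(opt) + 40 * len(sections)
    table, body = b"", b""
    for name, data in sections:
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
        # NumberOfLinenumbers, Characteristics
        table += struct.pack("<8sIIIIIIHHI", name, len(data), 0x1000, len(data),
                             raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data
        raw_ptr += len(data)
    return bytes(dos) + b"PE\0\0" + coff + opt + table + body


# Constructed sample: a repetitive "code" section and a pseudo-random one that
# stands in for a packed payload (the UPX-style name is only illustrative).
_rng = random.Random(1)
SAMPLE_PE = build_sample_pe([
    (b".text", b"\x55\x8b\xec\x90" * 256),
    (b"UPX1", bytes(_rng.getrandbits(8) for _ in range(2048))),
])

if __name__ == "__main__":
    for s in triage(SAMPLE_PE):
        flag = "LIKELY PACKED" if s["packed"] else "ok"
        print(f"{s['name']:<8} {s['size']:>6} bytes  H={s['entropy']:.2f}  {flag}")
```

Run it on a real sample by replacing SAMPLE_PE with the file's bytes (`open(path, "rb").read()`). A high-entropy section is a hint, not proof: resource sections holding compressed images or embedded certificates also score near 8, so the next step is to look at the section names, the import table (a packed binary typically imports almost nothing beyond LoadLibrary/GetProcAddress) and the entry point location before concluding that unpacking is needed.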