In print: windows.developer Magazin 7.2013 - Cyberwar
An article on Stuxnet and co. has appeared in windows.developer Magazin 7.2013, covering the first weapons in the cyberwar waged by the USA and Israel against Iraq and other countries.
Update, 27 December 2013
The article is now also available online at entwickler.de!
End of update
And here are the links and references from the article:
Stuxnet
- [1] F-Secure: "Espionage Attack Uses LNK Shortcut Files"
- [2] Sophos: "Windows zero-day vulnerability uses shortcut files on USB"
- [3] VirusBlokAda: "Rootkit.TmpHider"
- [4] Microsoft Security Advisory "(2286198): Vulnerability in Windows Shell Could Allow Remote Code Execution"
- [5] Microsoft Malware Protection Center: "The Stuxnet Sting"
- [6] Kaspersky: "Myrtus and Guava, Episode 2"
- [7] Sophos: "Certified uncertainty"
- [8] Symantec: "Stux to be You"
- [9] Sophos: "W32/Stuxnet-B"
- [10] F-Secure: "More Analysis of Case LNK Exploit"
- [11] Sophos: "Yes, there's malware. But don't change your SCADA password, advises Siemens"
- [12] Siemens: "SIMATIC WinCC / SIMATIC PCS 7: Information about Malware / Viruses / Trojan horses"
- [13] Microsoft Security Response Center: "Out of Band Release to address Microsoft Security Advisory 2286198"
- [14] Microsoft Malware Protection Center: "Stuxnet, malicious .LNKs, ...and then there was Sality"
- [15] Microsoft Security Bulletin "MS10-046 - Critical: Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)"
- [16] Kaspersky: "Myrtus and Guava, Episode MS10-061"
- [17] Symantec: "Stuxnet Using Three Additional Zero-Day Vulnerabilities"
- [18] Symantec: "Stuxnet Print Spooler Zero-Day Vulnerability not a Zero-Day at All?"
- [19] ThreatPost: "Microsoft Missed 2009 Published Article on Stuxnet-Type Attack"
- [20] Symantec: "Stuxnet Introduces the First Known Rootkit for Industrial Control Systems"
- [21] Symantec: "Exploring Stuxnet’s PLC Infection Process"
- [22] Symantec: "Stuxnet: A Breakthrough"
- [23] New York Times: "Israeli Test on Worm Called Crucial in Iran Nuclear Delay"
- [24] Marty Edwards, Todd Stauffer: "Control System Security Assessments"; 2008 Automation Summit (PDF)
- [25] Symantec: "Updated W32.Stuxnet Dossier is Available"
- [26] ISSSource: "Stuxnet Loaded by Iran Double Agents"
- [27] New York Times: "Obama Order Sped Up Wave of Cyberattacks Against Iran"
- [28] Sophos: "Stuxnet: How USA and Israel created anti-Iran virus, and then lost control of it"
- [29] Symantec: "Stuxnet 0.5: The Missing Link" (PDF)
Duqu
- [30] Symantec: "W32.Duqu: The Precursor to the Next Stuxnet"
- [31] Symantec: "W32.Duqu"
- [32] F-Secure: "Duqu – Stuxnet 2"
- [33] Symantec: "Duqu: Status Updates Including Installer with Zero-Day Exploit Found"
- [34] Microsoft Security Advisory: "(2639658): Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege"
- [35] Microsoft Security Bulletin: "MS11-087 - Critical: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)"
- [36] Kaspersky: "The mystery of Duqu: Part Ten"
- [37] Kaspersky: "Duqu First Spotted as 'Stars' Malware in Iran"
Flame
- [38] Iran National CERT (MAHER): "Identification of a New Targeted Cyber-Attack"
- [39] Sophos: "Flame worm - Iran claims to discover new Stuxnet-like malware"
- [40] Kaspersky: "The Flame: Questions and Answers"
- [41] Kaspersky: "Flame: Bunny, Frog, Munch and BeetleJuice…"
- [42] CrySyS Lab: "sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex malware for targeted attacks" (PDF)
- [43] Symantec: "W32.Flamer: Enormous Data Collection"
- [44] F-Secure: "On Stuxnet, Duqu and Flame"
- [45] Bruce Schneier: "The Failure of Anti-Virus Companies to Catch Military Malware"
- [46] F-Secure: "Commoditization vs. Specialization"
- [47] McAfee: "What the Skywiper Files Tell Us"
- [48] Carsten Eilers: "Flame und die Windows-Updates"
- [49] Microsoft Security Research & Defense Blog: "Microsoft certification authority signing certificates added to the Untrusted Certificate Store"
- [50] Washington Post: "U.S., Israel developed Flame computer virus to slow Iranian nuclear efforts, officials say"
Gauss
- [51] Kaspersky: "Gauss: Nation-state cyber-surveillance meets banking Trojan"
- [52] Kaspersky: "Gauss: Abnormal Distribution"
- [53] Kaspersky: "Gauss: Abnormal Distribution" (PDF)
- [54] Kaspersky: "The Mystery of the Encrypted Gauss Payload"
- [55] Kaspersky: "Hashcat's GPU-accelerated Gauss encryption cracker"
- [56] Costin Raiu, @craiu: "@halvarflake actually, we did check the font file in detail and ..."
- [57] Kaspersky: "Online detection of Gauss"
- [58] F-Secure: "Gauss: the Latest Event in the Olympic Games"
miniFlame
- [59] Kaspersky: "Full Analysis of Flame's Command & Control servers"
- [60] Kaspersky: "miniFlame aka SPE: "Elvis and his friends""
- [61] Kaspersky: "miniFlame aka SPE: "Elvis and his friends"" (analysis)
Commentary
- [62] Carsten Eilers: "Internet Explorer: 0-Day-Schwachstelle (und 7 weitere) gepatcht"
Whitepapers and FAQs
- Stuxnet:
  - ESET: "Stuxnet Under the Microscope" (PDF)
  - F-Secure: "Stuxnet Questions and Answers"
  - F-Secure: "Stuxnet Redux: Questions and Answers"
  - Symantec: "W32.Stuxnet Dossier" (PDF)
  - Symantec: "Stuxnet 0.5: The Missing Link" (PDF)
- Duqu:
  - CrySyS Lab: "Duqu: A Stuxnet-like malware found in the wild" (PDF)
  - F-Secure: "Duqu: Questions and Answers"
  - Kaspersky: "Duqu: Steal Everything"
  - Kaspersky: "Duqu FAQ"
  - McAfee: "Duqu– Threat Research and Analysis" (PDF)
  - Symantec: "Duqu: The Precursor to the Next Stuxnet"
  - Symantec: "W32.Duqu - The precursor to the next Stuxnet" (PDF)
  - CrySyS Lab: "The Cousins of Stuxnet: Duqu, Flame, and Gauss" (PDF)
- Flame:
  - F-Secure: "Flame-bait Questions"
  - F-Secure: "Flame is Lame"
  - Kaspersky: "The Flame: Questions and Answers"
  - Kaspersky: "Full Analysis of Flame's Command & Control servers"
  - Symantec: "Have I Got Newsforyou: Analysis of Flamer C&C Servers"
- Gauss:
  - Kaspersky: "Gauss: Abnormal Distribution" (PDF)
- miniFlame:
  - Kaspersky: "miniFlame aka SPE: "Elvis and his friends"" (analysis)