Symantec Research – Stuxnet was dated 2005

By Pierluigi Paganini, Editor-in-Chief

This is the news of the day … authors of Stuxnet virus that was used to sabotage Iranian nuclear program in 2010, according a study conducted by Symantec firm, started in 2005 and not in 2009 as believed until now. Stuxnet, differently from to successive versions, was designed to manipulate the nuclear facility’s gas valves causing explosion in the targeted nuclear plants, the attackers strategy was to hit the Iranian facilities physical destructing the targets, due this reason the international security community considered Stuxnet as first cyber weapon of the history.

Francis deSouza, Symantec’s president of products and services, revealed that the version detected was a prototype version of the final malicious agent that authors tested in the period between 2005 and 2009.

“It looks like now the weapon tried a few things before it hit on what would actually work,”‘ “It is clear that this has been a sophisticated effort for longer than people thought.” Said deSouza.

stuxnet

Symantec experts have found in the source ode the new version of Stuxnet detected express reference to 0.5 version number, meanwhile analyze date of website domain registration discovered that Stuxnet 0.5 stopped to infect machines on July 4th, 2009, few days before the version 1.001 was created.

Graph

Symantec report reveals the differences of version 0.5 with subsequent ones of Stuxnet, later versions significantly increased their spreading capability exploiting an increased number of software flaws.

  • Later versions significantly increased their spreading capability and use of vulnerabilities.
  • Replacement of Flamer platform code with Tilded platform code.
  • Later versions adopted an alternative attack strategy from uranium enrichment valve disruption to centrifuge speed modification.

Most important change is related to the strategy pursued by the attackers that concentrated their effort from sabotage of gas  valve to centrifuge speed modification.

Symantec also provided further info on the link between Flame and Stuxnet malware, until now security community believed that Stuxnet authors have had access to Flame components but not to whole Flame Platform source code. The discovery of Stuxnet 0.5 demonstrates that its authors had access to the complete Flamer platform source code.

Following the statements proposed on the topic in the report:

 “Stuxnet 0.5 is partly based on the Flamer platform whereas 1.x versions were based primarily on the Tilded platform. Over time, the developers appear to have migrated more towards the Tilded platform. The developers actually re-implemented Flamer platform components using the Tilded platform in later versions.

Both the Flamer and Tilded platform code bases are different enough to suggest different developers were involved.”

Sources: CDM and Symantec

Subscribe to Cyber Defense Magazine

Join our mailing list, no strings attached. We never sell your data. We'll send you monthly e-magazines, webinar invites from us and our partners, cybersecurity trade show updates, awards, infosec news, cybersecurity tips and so much more on all things cyber defense.
Subscribe

Related News

New Research Reveals Network Attacks at Highest Point Over the Last Three Years
February 27, 2013

CyberDefenseMagazine Follow 24,016 54,487

Cyber Defense Magazine - The Premier Source for IT Security and Compliance Information. https://t.co/748STKH6k0.

cyberdefensemag

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Global InfoSec Awards for 2024 are now Open! Take advantage of co-marketing packages and enter today!

Show Me!
X