Inside Stuxnet's stolen certificates

An up-close look at some mistakes made when the Stuxnet creators stole and signed the malware's digital certificates.

----------------------

Currently, there are four known Stuxnet driver files. Three of these show a very interesting particularity: they are digitally signed with the private keys from two digital certificates belonging to Realtek and JMicron — both well-known companies. The fourth known file is not signed and seems to be a memory dump of one of the two Realtek-signed drivers. The first set of signed drivers was detected in the wild and is dropped by the so-called “original” Stuxnet sample. The third driver, which was signed by JMicron Technology of Taiwan, was found on July 17, 2010, by the Slovakia-based security company ESET (*9).

Researchers interested in peering into Stuxnet's effectiveness discovered a valuable tool last month: Stuxnet keeps a diary. As the worm spreads among computers, it documents its activities, including the date of the infection, the name of the compromised system, the domain name, and the internal and external IP addresses, according to research performed by security company Symantec.
