Anatomy of the W32.Stuxnet SCADA threat

Symantec released an in-depth analysis of W32.Stuxnet, reviewed through IDA Pro. The analysis walks through the staged infection process, the unusual injection of legitimate services instead of issuing LoadLibrary calls, the core encryption and the exported functions.

Tofino Security (which specializes in SCADA security) has released an excellent white paper on the case (requires [free] registration). If you are a malware researcher, a reverse engineer, or just curious, I totally recommend it.

There’s code, great explanations, images, graphs and such, explaining the whole process: infection, rooting and the malware code proper.
