{"title":"Metasploit中的Stuxnet蠕虫分析","authors":"Rahat Masood, Um-e-Ghazia, Z. Anwar","doi":"10.1109/FIT.2011.34","DOIUrl":null,"url":null,"abstract":"Nowadays cyber security is becoming a great challenge. Attacker's community is progressing towards making smart and intelligent malwares (viruses, worms and Root kits). They stealth their existence and also use administrator rights without knowing legal user. Stuxnet worm is an example of a recent malware first detected in July 2010. Its variants were also detected earlier. It is the first type of worm that affects the normal functionality of industrial control systems (ICS) having programmable logic controllers (PLC) through PLC Root kit. Its main goal is to modify ICS behavior by changing the code of PLC and make it to behave in a way that attacker wants. It is a complex piece of malware having different operations and functionalities which are achieved by exploiting zero day vulnerabilities. Stuxnet exploits various vulnerable services in Microsoft Windows. In this paper we will show real time simulation of first three vulnerabilities of these through Metasploit Framework 3.2 and analyze results. A real time scenario is established based on some assumptions. We assumed Proteus design (pressure sensor) as PLC and showed after exploitation that the pressure value drops to an unacceptable level by changing Keil code of this design.","PeriodicalId":101923,"journal":{"name":"2011 Frontiers of Information Technology","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"21","resultStr":"{\"title\":\"SWAM: Stuxnet Worm Analysis in Metasploit\",\"authors\":\"Rahat Masood, Um-e-Ghazia, Z. Anwar\",\"doi\":\"10.1109/FIT.2011.34\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Nowadays cyber security is becoming a great challenge. Attacker's community is progressing towards making smart and intelligent malwares (viruses, worms and Root kits). They stealth their existence and also use administrator rights without knowing legal user. Stuxnet worm is an example of a recent malware first detected in July 2010. Its variants were also detected earlier. It is the first type of worm that affects the normal functionality of industrial control systems (ICS) having programmable logic controllers (PLC) through PLC Root kit. Its main goal is to modify ICS behavior by changing the code of PLC and make it to behave in a way that attacker wants. It is a complex piece of malware having different operations and functionalities which are achieved by exploiting zero day vulnerabilities. Stuxnet exploits various vulnerable services in Microsoft Windows. In this paper we will show real time simulation of first three vulnerabilities of these through Metasploit Framework 3.2 and analyze results. A real time scenario is established based on some assumptions. We assumed Proteus design (pressure sensor) as PLC and showed after exploitation that the pressure value drops to an unacceptable level by changing Keil code of this design.\",\"PeriodicalId\":101923,\"journal\":{\"name\":\"2011 Frontiers of Information Technology\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-12-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"21\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 Frontiers of Information Technology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/FIT.2011.34\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Frontiers of Information Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FIT.2011.34","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Nowadays cyber security is becoming a great challenge. Attacker's community is progressing towards making smart and intelligent malwares (viruses, worms and Root kits). They stealth their existence and also use administrator rights without knowing legal user. Stuxnet worm is an example of a recent malware first detected in July 2010. Its variants were also detected earlier. It is the first type of worm that affects the normal functionality of industrial control systems (ICS) having programmable logic controllers (PLC) through PLC Root kit. Its main goal is to modify ICS behavior by changing the code of PLC and make it to behave in a way that attacker wants. It is a complex piece of malware having different operations and functionalities which are achieved by exploiting zero day vulnerabilities. Stuxnet exploits various vulnerable services in Microsoft Windows. In this paper we will show real time simulation of first three vulnerabilities of these through Metasploit Framework 3.2 and analyze results. A real time scenario is established based on some assumptions. We assumed Proteus design (pressure sensor) as PLC and showed after exploitation that the pressure value drops to an unacceptable level by changing Keil code of this design.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
