New malware instance borrows ideas from Stuxnet virus

June 3, 2016

Do you remember the Stuxnet virus? FireEye threat researchers have discovered a new and very complex malware instance that borrows ideas from Stuxnet and is specifically designed to work on Siemens industrial control systems.

Josh Homan, Sean McBride, and Rob Caldwell named the malware "Irongate" and say it is probably a proof-of-concept that is likely not used in the wild. Then again, it's still a bit early to tell.

On average, industrial control system malware is very complex, in large part because exploiting these systems requires knowledge of often archaic, unusual and proprietary technology, most of it developed in the dark.

And the rather steep learning curve required to better understand such systems limits the risk presented by the many security holes they usually contain.

This is what makes Irongate interesting at first look. The malware is also unique in that it employs so-called 'man-in-the-middle' attacks to capture normal internet traffic on human-machine interfaces and replay it, in an effort to further mask anomalies during various attacks.

This is reminiscent of work by IOActive researcher Alexander Bolshev, who told us how frequency and amplitude modifications in waves generated by programmable logic controllers (PLCs) could allow attacks to be masked.
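Record-and-replay masking of the kind described above leaves a trace a defender can look for: a stretch of readings that repeats an earlier stretch value for value. The following detector is an added example, not code from the article or from FireEye's analysis; the function name, window size and sample readings are constructed, and it assumes live analog readings carry enough noise that a long exact repeat is suspicious.

```python
from typing import Dict, List, Sequence, Tuple


def find_replayed_windows(samples: Sequence[float], window: int = 6,
                          min_distinct: int = 3) -> List[Tuple[int, int, int]]:
    """Return (original_start, replay_start, length) for each replayed run.

    A run is a stretch of at least `window` readings that repeats, value
    for value, a non-overlapping stretch seen earlier in the stream.
    """
    seen: Dict[tuple, int] = {}   # window contents -> index first observed
    runs: List[Tuple[int, int, int]] = []
    i = 0
    while i + window <= len(samples):
        key = tuple(samples[i:i + window])
        # A flat-lined signal repeats legitimately, so skip low-variety windows.
        if len(set(key)) < min_distinct:
            i += 1
            continue
        first = seen.get(key)
        if first is None:
            seen[key] = i
            i += 1
            continue
        if first + window > i:    # overlaps itself (short periodic signal)
            i += 1
            continue
        # Extend the match as far as it goes, keeping both stretches disjoint.
        length = window
        while (i + length < len(samples) and first + length < i
               and samples[first + length] == samples[i + length]):
            length += 1
        runs.append((first, i, length))
        i += length
    return runs


# Constructed sample data: ten live readings, then eight of them played back.
LIVE = [50.1, 50.4, 49.8, 50.9, 50.2, 49.7, 50.6, 50.3, 49.9, 50.5]
REPLAYED_STREAM = LIVE + LIVE[2:10] + [50.0, 49.6]
CLEAN_STREAM = LIVE + [50.0, 49.6, 50.8, 49.5, 50.7, 51.0]

if __name__ == "__main__":
    print("replayed stream:", find_replayed_windows(REPLAYED_STREAM))
    print("clean stream:   ", find_replayed_windows(CLEAN_STREAM))
```

Signals that are quantized or legitimately periodic need a longer window or a higher `min_distinct` to avoid false positives.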

Worse, Irongate is also capable of evading VMware and Cuckoo sandboxes, the use of which is indicative of white hat researchers. Such evasion is a standard feature of well-designed malware.

The FireEye and Mandiant team found the malware on VirusTotal, likely uploaded by authors wanting to test their trojan for antivirus detection. No security platforms detected it, at least not yet.

"While Irongate malware does not compare to Stuxnet in terms of complexity, it still leverages some of the same features and techniques," the security team says.

"Even though process operators face no increased risk from the currently identified members of the Irongate malware family, it still provides valuable insight into adversary mindset," it added.

The malware operates in Siemens simulated programmable logic controller environments, which are used before live deployment, seeking out and replacing proprietary DLL files. It does not function in standard environments, however. Its infection vector is unknown at the time of this writing.

Source: Josh Homan, Sean McBride and Rob Caldwell.

Copyright © Internet Security.ca