If you are unfamiliar with Stuxnet, start here: https://www.computerworld.com/article/2516109/security0/why-did-stuxnet-worm-spread-.html
Stuxnet has been lying dormant on hundreds of outdated controllers for years. Stuxnet has the ability to call for updates, per https://www.codeproject.com/Articles/246545/Stuxnet-Malware-Analysis-Paper#ch4.1:
“4.5.1. Updating via Internet
Stuxnet updates itself via the Internet by establishing an HTTP connection to 2 malformed websites:
www. mypremierfutbol. com
www. todaysfutbol. com
It sends encrypted data like this:
http://www. mypremierfutbol .com/index.php?data=data_to_send
This data contains the IP, the adaptor name and description, and some other data related to the infected machine and Stuxnet. After that it receives the newer version of Stuxnet (in an encrypted form), beginning with the imagebase, then a flag, and at the end the executable image”
——————————
It gets interesting:
These URLs are currently for sale and were last updated on 2018-09-25.
The URLs are both currently hosted on the same IP address with 350+ other URLs: https://dnslytics.com/reverse-ip/206.189.61.126
My theory is that there is now a URL per controller type. An update was made to the 2 primary URLs. Wherever Stuxnet still existed, it pulled down new code on its update check-in. The new code contained a database or CSV to associate controller types to a URL. This allows for control of specific targets.
I suspect the outages are part of a sales tactic to show buyers the capabilities of Stuxnet.
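If you want to check your own network for the update check-in the quoted analysis describes, the thing to look for is the hostname plus the `index.php?data=` pattern, not the IP address: the post itself notes that 206.189.61.126 is shared with 350+ other domains, so a match on the IP alone says nothing. The following is an added example, not code from the post or from the CodeProject paper. It parses a constructed proxy log (the five-field line format, the client addresses and the `data` values are all made up for the example) and separates full check-ins from other traffic to those domains.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Update-check domains named in the quoted Stuxnet analysis (defanging spaces removed).
STUXNET_UPDATE_DOMAINS = {"www.mypremierfutbol.com", "www.todaysfutbol.com"}

# Constructed sample proxy log (not real traffic). Assumed format:
# <timestamp> <client ip> <method> <url> <status>
SAMPLE_PROXY_LOG = """\
2018-10-01T08:12:04Z 10.20.30.40 GET http://www.mypremierfutbol.com/index.php?data=3f9a1c7e5b 200
2018-10-01T08:12:09Z 10.20.30.41 GET http://cdn.example.com/update.json 200
2018-10-01T08:13:17Z 10.20.30.42 GET HTTP://WWW.TODAYSFUTBOL.COM/index.php?data=aa55ff00 301
2018-10-01T08:14:02Z 10.20.30.40 GET http://www.mypremierfutbol.com/ 200
2018-10-01T08:15:44Z 10.20.30.43 GET http://www.todaysfutbol.com.evil.example/index.php?data=x 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def parse_line(line):
    """Split one log line into its fields; return None for lines that do not fit the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status = m.groups()
    return {"ts": ts, "client": client, "method": method, "url": url, "status": int(status)}


def classify(entry):
    """'beacon' for a request matching the documented check-in (known domain, /index.php, data=),
    'domain-only' for any other request to a known domain, None otherwise.
    Matching is on the exact hostname, so look-alike subdomains of other parents do not count."""
    parts = urlsplit(entry["url"])
    host = (parts.hostname or "").lower()
    if host not in STUXNET_UPDATE_DOMAINS:
        return None
    if parts.path == "/index.php" and "data" in parse_qs(parts.query):
        return "beacon"
    return "domain-only"


def scan_proxy_log(text):
    """Return every entry that touches a Stuxnet update domain, tagged with its kind and data value."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        kind = classify(entry)
        if kind is None:
            continue
        data = parse_qs(urlsplit(entry["url"]).query).get("data", [None])[0]
        hits.append({**entry, "kind": kind, "data": data})
    return hits


def clients_to_investigate(hits):
    """Sorted, de-duplicated client addresses that sent a full check-in (kind == 'beacon')."""
    return sorted({h["client"] for h in hits if h["kind"] == "beacon"})


if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_PROXY_LOG)
    for h in found:
        print(f'{h["ts"]} {h["client"]} {h["kind"]:11} data={h["data"]}')
    print("investigate:", clients_to_investigate(found))
```

A `domain-only` hit (someone browsing to the now for-sale landing page) is not the same signal as a `beacon`, which carries the `data` parameter the paper describes; the split keeps a curious analyst from being counted as an infected controller. The `data` value is opaque (the paper says it is encrypted), so the script records it for later correlation rather than trying to decode it.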