Stuxnet II and BadBios: Cyberwar is more dangerous DIAMAS

The emergence of the BadBios malware, which is said to spread by means of ultrasound, represents a new level within the class of recently identified “super viruses” such as Stuxnet, Duqu or Flame. Some officials and military commanders believe BadBios could, like its predecessors, provoke a conflict, disable defense systems or cause similar situations. The threat of BadBios also comes hand in hand with the discovery of Stuxnet II.

BadBios

BUENOS AIRES (Urgente24) – There have already been warnings in the past about the possibility that a sophisticated virus could unleash some kind of armed conflict between powers. The emergence of Stuxnet, a malicious supercode that infected the Iranian nuclear program, presumably from a western country, led to a series of appearances of ultra-sophisticated computer viruses that endanger large systems. Then came Duqu and Flame, even more powerful than their predecessor. Now the new threat is called BadBios, a super virus that attacks the computer's BIOS and spreads by ultrasound.

BadBios is a system for delivering information through high-frequency sounds. It directly affects the computer's BIOS (Basic Input/Output System) and manages to interface with other machines via ultrasound emitted from the speakers and picked up by the microphones of victim computers, without the human ear being able to perceive it. It was deciphered by security expert Dragos Ruiu after he had suffered its effects for almost three years.

Although many experts doubt the existence of such malware, Hagerott was very concerned about the threats that this could mean for the Navy. This type of virus, capable of crossing “air gaps” and affecting systems that are not connected to the Internet, could cripple the ships' firing-accuracy software, turn it off or even deflect it, Hagerott insisted during a summit in Washington dedicated to cybersecurity issues. This “could disrupt the global balance of power,” he said.
According to him, to avoid the threat the Navy could go back in time and re-use monitoring tools that were used a century ago, in the early 1900s.

We have always heard about viruses and their evolving variants, and protection applications and safety measures are deployed daily to guard against these worms that do so much damage to digital society. Surprisingly, an electronic journal in the United States has published a report announcing the emergence of a virus that is transmitted through ultrasound and infects any operating system: PC, Mac, Linux, etc. The truth is that the father and lord of all viruses has been discovered.

Everything started three years ago, when Dragos Ruiu, a security consultant, was working in his laboratory and noticed that something unusual was going on with his MacBook Air. After he installed the latest version of Apple's operating system, the machine updated its boot firmware out of nowhere. Stranger still, when he tried to boot the machine from a CD, that also failed. To add to the surprise, the machine started to delete data and make configuration changes without asking. This event set off long late-night hours for the researchers.

In the following months, Ruiu observed increasingly bizarre phenomena that seemed to come out of a science fiction film. To everyone's surprise, a machine running the OpenBSD operating system also began to modify its settings and delete its data without explanation or prompting. His network began transmitting data specific to the IPv6 network protocol, even from machines that were supposed to have IPv6 completely disabled. Strangest of all was the ability of infected computers to transmit small amounts of network data to other infected machines even when their power cords and Ethernet cables were disconnected and their Wi-Fi and Bluetooth cards had been removed.

The machines had to be formatted, the typical solution for a computer cancer of this caliber. The surprise was that it took longer to reinstall the machine than for the virus to spread again.
The researchers recount that on one of those days they were working on a machine on which Windows had been reinstalled and, while they were examining the registry for anomalies or evidence, the bug took control and prevented them from continuing their forensic work. Scary, isn't it?

After speculating and trying one thing and another without results, the researchers chose to literally “rob” a machine and see when the infection happened. The finding was surprising: the infected machine stopped when the sound driver was disconnected, i.e. the virus was transmitted through the speakers and infected other machines through the microphone using ultrasound. Recall that such sounds are emitted at frequencies that the human ear cannot detect.

Although it may seem “crazy”, the virus infects any host regardless of its operating system; the activation method was ultrasound transmitted through the speakers, and infected USB sticks. Simply inserting one into a computer (whether Windows, Linux or Mac OS X) transmits the rootkit.

However, it should be noted that other security experts do not consider this information entirely real and are quick to voice doubts about it; in fact, they say these are tricks being passed off as real. True or not, it is hard to believe that a virus of this caliber could spread through ultrasound and magically manage to infect the operating system layer of a computer. As the saying goes: “I do not believe in witches, but they do exist.” If this is real, it would not be strange for a great world power to be investing resources to accomplish things like this, in which case it is not the work of a hackerspace; it is another level.

The twin Stuxnet

In his article for ‘Foreign Policy’, computer security specialist Ralph Langner writes that, after conducting a thorough three-year investigation, he is sure that the virus that tried to change the speeds of the rotors of the centrifuges at Iran's Natanz plant was rather insignificant and routine.
He warns that this rather simple attack was preceded years earlier by a much more sophisticated and dangerous one, and emphasizes that Stuxnet's stealthy twin, complicated and powerful, would have gone unnoticed by the public eye, and that the virus would probably not have escaped to affect half the world.

Stuxnet II, the last and simplest version of the malware, tried to make the rotors of the uranium-enriching centrifuges spin too quickly, at speeds that would cause them to break. The original Stuxnet, however, was meant to sabotage the protection system of the centrifuges at Natanz. These systems consist of three valves installed on each centrifuge. In case of an incident, revealed by vibration, the valves are closed, isolating the damaged centrifuge from the rest of the system. In other words, the process continues while engineers replace the damaged centrifuge.

The Natanz protection system is based on Siemens S7-417 industrial controllers, which operate the valves and pressure sensors. Stuxnet I was designed to take full control of these controllers, i.e. embedded computing systems directly connected to physical equipment such as valves, something unimaginable before. A controller infected with Stuxnet I is disconnected from physical reality. The control system begins to see only what the virus wants it to see.

The first thing the malware does is take steps to hide its presence. It records the values of the system's sensors for a period of 21 seconds. It then plays back these 21 seconds in a loop while carrying out the attack (the attacks happened once a month), so that to the control center everything appears to be going well, both to human operators and to any automated system.

Meanwhile, Stuxnet I begins its dirty work: it closes the isolation valves for the first two and the last two stages of enrichment, thereby blocking the outflow of uranium hexafluoride (the gas used to obtain enriched uranium) and increasing the pressure on the centrifuges.
The increased pressure causes the centrifuges to accumulate more gas than necessary, putting more mechanical stress on the rotor. The pressure can in addition cause the gaseous uranium hexafluoride to solidify, fatally damaging the centrifuge. As Langner points out, solidification of the gas would lead to the simultaneous destruction of hundreds of Natanz centrifuges per infected controller. However, the expert insists that this was not the hackers' goal because, in that case, Iranian specialists would not have been slow to discover the origin of the disaster. Rather, the attackers did everything they could to stop the attacks early, before they triggered a catastrophic reaction. Their aim was rather to increase the load on the rotors so that they would go out of service, but not at the time of the attack itself, Langner concludes.

At the same time, the expert notes that the outcome of this strategy is unknown and that from 2009 the attackers changed their instrument. Notably, Langner is the only specialist that denounces the existence of two versions of Stuxnet. Earlier this year, researchers from Symantec Corp (SYMC.O) also stated that there was a version of the Stuxnet computer virus that was used to attack Iran's nuclear program in November 2007.
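
The 21-second record-and-replay masking described above leaves a trace a defender can look for: live sensor noise essentially never repeats exactly, so a reading stream whose tail is an exact loop is suspect. The following is an added example, not code from the article or from Langner's analysis; it assumes one reading per second (so 21 samples correspond to 21 seconds), and the function names and sample data are constructed for illustration.

```python
"""Flag sensor telemetry whose tail is an exact loop of an earlier recording."""
import random
from typing import List, Optional, Sequence, Tuple


def detect_replay_loop(samples: Sequence[float], min_period: int = 5,
                       max_period: int = 60, min_cycles: int = 3) -> Optional[int]:
    """Return the shortest loop period (in samples) if the most recent
    `min_cycles` periods are identical sample-for-sample, else None."""
    n = len(samples)
    for period in range(min_period, max_period + 1):
        needed = period * min_cycles
        if n < needed:
            break  # not enough history to judge this or any longer period
        tail = samples[n - needed:]
        # A flat line also "repeats"; that is a stuck sensor, not a replay.
        if len(set(tail[:period])) == 1:
            continue
        # Every sample must equal the one exactly one period before it.
        if all(tail[i] == tail[i - period] for i in range(period, needed)):
            return period
    return None


def build_constructed_samples(loop_len: int = 21, live_len: int = 120,
                              cycles: int = 4, seed: int = 1
                              ) -> Tuple[List[float], List[float]]:
    """Constructed data: noisy 'live' pressure readings, and the same stream
    followed by its last `loop_len` readings played back `cycles` times."""
    rng = random.Random(seed)
    live = [round(100 + rng.gauss(0, 0.5), 2) for _ in range(live_len)]
    recorded = live[-loop_len:]
    return live, live + recorded * cycles


if __name__ == "__main__":
    live, replayed = build_constructed_samples()
    print("live stream loop period:    ", detect_replay_loop(live))
    print("replayed stream loop period:", detect_replay_loop(replayed))
```

Real readings are quantized and sometimes dead-banded, so the minimum period and cycle count need tuning per signal before a check like this is used for alerting.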



