Abstract
Stuxnet virus is a first discovered malware to damage nuclear power station in June 2010 and targets only Siemens supervisory control and data acquisition (SCADA) system via vulnerabilities. Through the static reverse and dynamic analysis of Stuxnet malware files, we researched on MS10-046 (CVE-2010-2772) shortcut vulnerability, MS10-061 (CVE-2010-2729) in print spooler service vulnerability and MS10-073 (CVE-2010-2743) keyboard layout elevation of privilege vulnerability. The paper illustrated internal details and the Stuxnet implemented methods.
This work is supported by State Key Laboratory of Information Security (Institute of Software, Chinese Academy of Sciences) (04-02-1), Shanghai Education Commission Innovation Foundation (11YZ192), Shanghai Science and Technology Commission Key Program (11511504400) and National Nature Science Foundation of China under Grant (60903188). Natural science foundation of Shanghai City (NO.12ZR1411900).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Common Vulnerabilities and Exposures, http://cve.mitre.org/
Microsoft Security Bulletins, http://technet.microsoft.com/en-us/security/bulletin/
Matrosov, A., Rodionov, E., Harley, D., Malcho, J.: Stuxnet Under the Microscope Revision 1.31, www.eset.com
Antiy, Report on the Worm Stuxnet’s Attack, www.antiy.com
Wang, Y., Ruan, D., Gu, D., et al.: Analysis of Smart Grid Security Standards. In: Proc. CSAE 2011, June 10-12, pp. 697–701 (2011)
Townsend, K.: Anti-virus: a technology update. Infosecurity 7(6), 28–31 (2010)
Durbin, S.: Tackling converged threats: building a security-positive environment. Network Security 2011(6), 5–8 (2011)
Stuxnet Remover, http://greatis.com/security/stuxnet_remover.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, Y., Gu, D., Peng, D., Chen, S., Yang, H. (2012). Stuxnet Vulnerabilities Analysis of SCADA Systems. In: Lei, J., Wang, F.L., Li, M., Luo, Y. (eds) Network Computing and Information Security. NCIS 2012. Communications in Computer and Information Science, vol 345. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35211-9_81
Download citation
DOI: https://doi.org/10.1007/978-3-642-35211-9_81
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35210-2
Online ISBN: 978-3-642-35211-9
eBook Packages: Computer ScienceComputer Science (R0)