malfreak Posted August 18, 2011

I downloaded Stuxnet from http://tuts4you.com/download.php?view.3011. The files seem valid, as I scanned the contents at VirusTotal. Then I inserted a flash drive and executed the dropper.exe file. According to Microsoft (http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx), the dropper (TrojanDropper:Win32/StuxnetA) should drop the following into the system:

- Worm:Win32/Stuxnet.A
- Trojan:WinNT/Stuxnet.A
- Trojan:WinNT/Stuxnet.B (initially called VirTool:WinNT/Rootkitdrv.HK)
- Trojan:Win32/Stuxnet.A
- Worm:Win32/Stuxnet.B

Although it seemed to have triggered some components of Stuxnet (the shortcut and tmp files got hidden, so the rootkit was on its way), I am unable to trigger Worm:Win32/Stuxnet.A (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32%2fStuxnet.A), which is responsible for infecting flash drives. I kept the flash drive attached to the system during the entire process but couldn't find any new files being created.

I need an infected USB because I want to analyze how Stuxnet propagates. The "Copy of Shortcut to.lnk" file present in the downloaded copy won't work with my flash drive because it has a target specific to the Kingston DataTraveler 2.0 (you can see the location by opening the file in a hex editor). Also, I tried this out on an XP SP2 system (no anti-virus installed), both with and without Step 7 installed (Ver: STEP 7-Micro/WIN test version 4.0 E).

Anyone with any directions?

deepzero Posted August 18, 2011

Try to plug in the flash drive while the rootkit is already running. Also, make sure that the flash drive is seen as a flash drive, not a hard disk drive.