Tuts 4 You

How do I get a flash drive infected with stuxnet?


malfreak


I downloaded stuxnet from http://tuts4you.com/download.php?view.3011. The files seem valid as I scanned the contents at virustotal. Then I inserted a flash drive and executed the dropper.exe file. According to Microsoft (http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx), the dropper (TrojanDropper:Win32/StuxnetA) should drop the following into the system:

Worm:Win32/Stuxnet.A

Trojan:WinNT/Stuxnet.A

Trojan:WinNT/Stuxnet.B (initially called VirTool:WinNT/Rootkitdrv.HK)

Trojan:Win32/Stuxnet.A

Worm:Win32/Stuxnet.B

Although it seemed to have triggered some components of stuxnet (the shortcut and tmp files got hidden, so the rootkit was on its way), I am unable to trigger Worm:Win32/Stuxnet.A (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32%2fStuxnet.A), which is responsible for infecting flash drives. I kept the flash drive attached to the system during the entire process but couldn't find any new files being created.

I need an infected usb because I want to analyze how stuxnet propagates. The Copy of Shortcut to.lnk file present in the downloaded copy won't work with my flash drive because it has a target specific to kingston datatraveller 2.0 (you can see the location by opening the file in a hex editor). Also, I tried this out in an xpsp2 system (no anti-virus installed) both with and without step7 installed (Ver:STEP 7-Micro/WIN test version 4.0 E).

Anyone with any directions?

Link to comment

Try to plug in the flash drive while the rootkit is already running.

Also, make sure that the flash drive is seen as a flash drive, not a hard disk drive.
