2 posts categorized "israel"

About This Blog

The Content Security Research Team's Mission: Deliver security research and intelligence that educates, supports and strengthens the security community, and drives innovation in our eSafe solutions.



Stuxnet demonstration at Virus Bulletin 2010

Symantec gave a presentation yesterday (30 Sept, 2010) at the VB2010 – Vancouver Conference. This time it was not just a presentation of slides describing the virus’ work; we actually had a live demonstration.

Symantec did an absolutely great job analyzing the virus. All the information can be found here:
Symantec's Stuxnet analysis paper

Symantec’s team brought a PLC machine, which is the one the virus targets, and connected a blower to it with a balloon at the end. The PLC machine in its clean state was programmed to pump the balloon for 2 seconds and then stop.

Then the PLC machine was infected with the POC of the virus and the blower started to work, and... it got into an endless loop and never stopped; the balloon was eventually blown.

The demonstration was photographed by the Sophos team:



Following that, the Symantec team explained that the virus was mostly found in Iran, that it has a flag that "tells" the virus to turn on or off, and that the key name is 05091979, which is 05/09/1979. On this date a Jewish businessman by the name of Habib Elghanian was executed in Iran.

They also said that it was a very meaningful date in Jewish history, and about that I am sorry to say - not really. If you ask Israelis about the Habib Elghanian case, it is most likely that they will not know what you are talking about.

To conclude, nobody really knows what exactly the virus was intended to do, except for the fact that it looks for a specific SCADA system configuration and gives the ability to change these configurations.

Was it written by the Israelis? Maybe, and maybe not. One thing is certain: this was not written by a script kiddie; it was written by a funded organization and by several engineers.

Oren Medini, at VB2010 – Vancouver.


Flotilla Clash and the Social Media War

Since the Flotilla incident about 2 weeks ago, we’ve been witnessing many clashes over the net between both sides, especially between the Israelis and the Turks, most of which have been over the social networks, e.g. Facebook.

Several Israeli websites have been hacked by Turkish hackers, and political messages and pictures were planted instead of the original content.

In the last couple of days we started to see Israeli Facebook accounts that were hacked by Turkish hackers, changing the profile pictures to the Palestinian Authority flag and to caricatures related to the Palestinian-Israeli conflict. In some cases messages like “Free Palestine” were added to the status text of users whose accounts were hacked, and links to streaming movies about the Turkish army were planted.