What's the Best Defense Against Stuxnet?

A Comparison of Which Tools Are the Best for Finding Stuxnet in a System

By Morteza Rezaei


V. CONCLUSION

Unfortunately, none of the products can detect all the versions of the Stuxnet malware (Table I to Table VII). Our experimental results suggest that scanning each project with both the Trend Micro and Kaspersky products is a good way to detect and disinfect Stuxnet, but that is not enough. It can be concluded that manual deletion is the best way to clean infected projects, but that requires up-to-date knowledge about Stuxnet. It is worth mentioning that the XR000000.MDX file was reported as an encrypted copy of Stuxnet by Trend Micro [28] but, surprisingly, their product was not able to detect it in all infected projects as of the experiment date.

REFERENCES

[1] VIRUSBLOKADA (2012, May 3).
[2] Helen Martin. (2010, November 1). Vancouver Expedition [Online].
[3] WIKIPEDIA (2012, April 15). [Online].
[4] Roel Schouwenberg. (2010, September). Breaking the habit [Online].
[5] SECURELIST (2011, December 23). Worm.Win32.Stuxnet.ai [Online].
[6] AV-Comparatives.org
[7] Neil J. Rubenking. (2011, October 5). PC Magazine [Online].
[8] CNET Reviews
[9] Virus Bulletin
[10] Top Ten Reviews
[11] A. Matrosov, E. Rodionov, D. Harley, J. Malcho. (2011, January). Stuxnet Under Microscope [Online].
[12] Common Vulnerabilities and Exposures
[13] N. Falliere, L. O. Murchu, E. Chien, "W32.Stuxnet Dossier", Symantec Corp., Ver. 1.4, February 2011.
[14] SYMANTEC. (2010, September 17). W32.Stuxnet [Online].
[15] SYMANTEC. (2010, July 18). W32.Stuxnet!lnk [Online].
[16] ESET. (2010, July 15). Win32/Stuxnet.A [Online].
[17] MCAFEE. (2010, July 16). Stuxnet [Online].
[18] MCAFEE. (2012, March 7). Stuxnet!14E9A18DA7E7 [Online].
[19] MCAFEE. (2011, April 2). Stuxnet!2D6CEE3D0305 [Online].
[20] MCAFEE. (2010, December 27). Stuxnet!4BEE6DAC25A4 [Online].
[21] MCAFEE. (2010, December 27). Stuxnet!6E1B6DBD7348 [Online].
[22] SECURELIST. (2010, September 20). Rootkit.Win32.Stuxnet.a [Online].
[23] SECURELIST. (2010, September 20). Rootkit.Win32.Stuxnet.b [Online].
[24] SECURELIST. (2011, February 24). Worm.Win32.Stuxnet.e [Online].
[25] SECURELIST. (2011, February 24). Worm.Win32.Stuxnet.m [Online].
[26] SECURELIST. (2011, February 24). Worm.Win32.Stuxnet.a [Online].
[27] TRENDMICRO. (2010, July 22). WORM_STUXNET.SM [Online].
[28] TRENDMICRO. (2010, July 16). WORM_STUXNET.A [Online].
[29] AVIRA. (2010, November 25). TR/Drop.Stuxnet.A.40 [Online].
[30] AVIRA. (2010, July 28). TR/Drop.Stuxnet.F [Online].
[31] AVIRA. (2010, July 16). RKit/Stuxnet.A [Online].
[32] AVIRA. (2010, July 15). TR/Drop.Stuxnet.A.5 [Online].
