Posts tagged ‘virus’


Published: November 29, 2010 by Yogi in Capital, International, Politics, Science, Tech, Tudo
From Wikipedia, the free encyclopedia

Stuxnet is a Windows-specific computer worm first discovered in June 2010 by VirusBlokAda, a security firm based in Belarus. It is the first discovered worm that spies on and reprograms industrial systems,[1] the first to include a programmable logic controller (PLC) rootkit,[2] and the first to target critical industrial infrastructure.[3] It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes.[4] Stuxnet includes the capability to reprogram the PLCs and hide its changes.[5]

The worm’s probable target is said to have been high-value infrastructure in Iran using Siemens control systems.[6][7] According to news reports, the infestation by this worm might have damaged Iran’s nuclear facilities in Natanz[8][9] and eventually delayed the start-up of Iran’s Bushehr Nuclear Power Plant.[10] Siemens has stated, however, that the worm has not in fact caused any damage.[11]

Russian digital security company Kaspersky Labs released a statement that described Stuxnet as “a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world.” Kevin Hogan, Senior Director of Security Response at Symantec, noted that 60% of the infected computers worldwide were in Iran, suggesting its industrial plants were the target.[12] Kaspersky Labs concluded that the attacks could only have been conducted “with nation-state support”, making Iran the first target of real cyberwarfare.[13][14][15]




The worm was first reported by the security company VirusBlokAda in mid-June 2010, and roots of it have been traced back to June 2009.[5] It contains a component with a build time stamp from 3 February 2010.[16]

In the United Kingdom on 25 November 2010, Sky News announced that it had received information that the Stuxnet worm, or a variation of the virus, had been traded on the black market. Sky News stated that the virus had possibly been traded to a criminal gang or terrorist group and that such a virus was a “tier 1” threat to national security.[17]

Affected countries

A study of the spread of Stuxnet by Symantec showed that the main affected countries as of August 6, 2010 were:[18]

| Country | Infected computers |
|---|---|
| China | 6,000,000 (unconfirmed)[19] (October 1) |
| Iran | 62,867 |
| Indonesia | 13,336 |
| India | 6,552 |
| United States | 2,913 |
| Australia | 2,436 |
| United Kingdom | 1,038 |
| Malaysia | 1,013 |
| Pakistan | 993 |
| Finland | 7[20] |
| Germany | 5[21] (September) |


Stuxnet attacks Windows systems using four zero-day attacks (plus the CPLINK vulnerability and a vulnerability used by the Conficker worm) and targets systems using Siemens’ WinCC/PCS 7 SCADA software. It is initially spread using infected USB flash drives and then uses other exploits to infect other WinCC computers in the network. Once inside the system it uses the default passwords to command the software.[5] Siemens advises immediately upgrading password access codes.[22]

Stuxnet requires specific variable-frequency drives (frequency converter drives) on the system. It only attacks systems with variable-frequency drives from two specific vendors: Vacon, based in Finland, and Fararo Paya, based in Iran.[23] It monitors the frequency and only attacks systems that run between 807 Hz and 1210 Hz, which is very high and only used in particular industrial applications. Stuxnet then modifies the output frequency for a short interval of time to 1410 Hz, then to 2 Hz and then to 1064 Hz, and thus affects the operation of the connected motors.[24]
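The frequency manipulation described above is something a plant can watch for in drive telemetry. The following is an added example, not part of the original article or of any vendor tool: it flags runs of samples where a drive's output frequency leaves its own baseline and classifies them against the 807 Hz to 1210 Hz band quoted above. The CSV layout, the drive names, the warm-up length and the tolerance are assumptions, and the readings are assumed to come from a measurement source independent of the engineering workstation, since the article notes that the worm hides its changes.

```python
import csv
import io
from statistics import median

# Operating band quoted in the article for the targeted drives (Hz).
BAND_LOW_HZ, BAND_HIGH_HZ = 807.0, 1210.0

# Constructed telemetry (not real plant data): seconds, drive id, output Hz.
# Drive names and the one-minute sampling interval are hypothetical.
SAMPLE_CSV = """\
t,drive,hz
0,VFD-A,1064
60,VFD-A,1065
120,VFD-A,1063
180,VFD-A,1064
240,VFD-A,1410
300,VFD-A,1410
360,VFD-A,1064
420,VFD-A,1064
480,VFD-A,2
540,VFD-A,2
600,VFD-A,1064
0,VFD-B,1100
60,VFD-B,1101
120,VFD-B,1099
180,VFD-B,1100
240,VFD-B,1102
"""


def load_samples(text):
    """Parse CSV text into {drive: [(t, hz), ...]}, each series sorted by time."""
    drives = {}
    for row in csv.DictReader(io.StringIO(text)):
        drives.setdefault(row["drive"], []).append((int(row["t"]), float(row["hz"])))
    for series in drives.values():
        series.sort()
    return drives


def classify(event, baseline):
    """Label an excursion relative to the operating band quoted in the article."""
    if event["max_hz"] > BAND_HIGH_HZ:
        kind = "above-band"
    elif event["min_hz"] < BAND_LOW_HZ:
        kind = "below-band"
    else:
        kind = "in-band-shift"
    return {**event, "kind": kind, "baseline_hz": baseline}


def find_excursions(series, warmup=4, tolerance_hz=25.0):
    """Group consecutive samples that deviate from the drive's baseline.

    The baseline is the median of the first `warmup` samples; a sample is
    anomalous when it differs from the baseline by more than `tolerance_hz`.
    """
    if len(series) < warmup:
        return []
    baseline = median(hz for _, hz in series[:warmup])
    events, current = [], None
    for t, hz in series[warmup:]:
        if abs(hz - baseline) > tolerance_hz:
            if current is None:
                current = {"start": t, "end": t, "min_hz": hz, "max_hz": hz}
            else:
                current["end"] = t
                current["min_hz"] = min(current["min_hz"], hz)
                current["max_hz"] = max(current["max_hz"], hz)
        elif current is not None:
            events.append(classify(current, baseline))
            current = None
    if current is not None:  # excursion still open at the end of the data
        events.append(classify(current, baseline))
    return events


def scan(text):
    """Return {drive: [excursion events]} for every drive in the telemetry."""
    return {drive: find_excursions(s) for drive, s in load_samples(text).items()}


if __name__ == "__main__":
    for drive, events in scan(SAMPLE_CSV).items():
        print(drive, events or "no excursions")
```

In practice each event would be correlated with the operator change log, so that an excursion with no matching authorised setpoint change is the one that gets escalated.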

The complexity of the software is very unusual for malware. The attack requires knowledge of industrial processes and an interest in attacking industrial infrastructure.[1][5] The number of zero-day Windows exploits used is also unusual, as zero-day Windows exploits are valued, and crackers do not normally waste the use of four different ones in the same worm.[6] Stuxnet is unusually large at half a megabyte in size,[25] and written in different programming languages (including C and C++), which is also irregular for malware.[1][5] It is digitally signed with two authentic certificates which were stolen[25] from two certification authorities (JMicron and Realtek), which helped it remain undetected for a relatively long period of time.[26] It also has the capability to upgrade via peer to peer, allowing it to be updated after the initial command and control server was disabled.[25][27] These capabilities would have required a team of people to program, as well as check that the malware would not crash the PLCs. Eric Byres, who has years of experience maintaining and troubleshooting Siemens systems, told Wired that writing the code would have taken many man-months, if not years.[25]

A Siemens spokesperson said that the worm was found on 15 systems, with five of the infected systems being process manufacturing plants in Germany. Siemens claims that no active infections have been found and there were no reports of damages caused by the worm.[21] Jeffrey Carr raised the possibility that Stuxnet took India’s INSAT-4B satellite out of action, making it effectively dead.[28] However, ISRO has provisionally ruled out the possibility of a Stuxnet attack, and awaits further details from Carr’s presentation on the topic.[29]


Siemens has released a detection and removal tool for Stuxnet. Siemens recommends contacting customer support if an infection is detected and advises installing the Microsoft patch for vulnerabilities and prohibiting the use of third-party USB flash drives.[30]

The worm’s ability to reprogram external programmable logic controllers (PLCs) may complicate the removal procedure. Symantec’s Liam O’Murchu warns that fixing Windows systems may not completely solve the infection; a thorough audit of PLCs is recommended. In addition, it has been speculated that incorrect removal of the worm could cause a significant amount of damage.[31]


Prevention of control system security incidents,[32] such as from viral infections like Stuxnet, is a topic that is being addressed in both the public and the private sector. The U.S. Department of Homeland Security (DHS) National Cyber Security Division operates the Control System Security Program (CSSP).[33] The program operates a specialized Computer Emergency Response Team (ICS-CERT), conducts a biannual conference (ICSJWG), provides training, publishes recommended practices, and provides a self-assessment tool. Several industry organizations[34][35] and professional societies[36][37] have published standards and best practice guidelines providing direction and guidance for control system end-users on how to establish a Control System Security management program. The basic premise that all of these documents share is that prevention requires a multi-layered approach, often referred to as “defense-in-depth”. The layers include policies and procedures, awareness and training, network segmentation, access control measures, physical security measures, system hardening (e.g., patch management), and system monitoring (e.g., anti-virus, IDS). The standards and best practices also all recommend starting with a risk analysis and a control system security assessment.[38] The purpose is to assess the current level of risk and the size of the gap between that risk and what is tolerable. The other purpose of an assessment is to identify the vulnerabilities and develop a prioritized program to eliminate or minimize them.

In response to these concerns, cyber security standards and certification programs such as ISA 99 and ISASecure have been developed to evaluate and certify the security of industrial automation products.

Automation, SCADA and Control System developers often use off-the-shelf equipment, software and protocols, integrating and configuring these in different ways for a variety of applications. This ‘common’ approach can make it easier for malware to bring down some vulnerable systems. However, proprietary Automation, SCADA and Control System developers, e.g. Infinitronix and others, are able to provide a completely ‘bespoke’ solution, using new protocols and HW/SW/FW solutions yet unknown to developers of malware.

Speculations about the target and origin

Alan Bentley of security firm Lumension has said that Stuxnet is “the most refined piece of malware ever discovered … mischief or financial reward wasn’t its purpose, it was aimed right at the heart of a critical infrastructure”. Symantec estimates that the group developing Stuxnet would have been well-funded, consisting of five to ten people, and would have taken six months to prepare.[39] The Guardian, the BBC and The New York Times all reported that experts studying Stuxnet considered that the complexity of the code indicates that only a nation state would have the capabilities to produce it.[6][39][40]

Israel, perhaps through Unit 8200,[41] has been speculated to be the country behind Stuxnet in many of the media reports[39][42][43] and by experts such as Richard Falkenrath, former Senior Director for Policy and Plans within the Office of Homeland Security.[44] Some have also referred to several clues in the code such as a concealed reference to the word “MYRTUS”, believed to refer to the Myrtle tree, or Hadassah in Hebrew. Hadassah was the birth name of the former Jewish queen of Persia, Queen Esther.[45][46] However, it may be that the “MYRTUS” reference is simply a misinterpreted reference to SCADA components known as RTUs (Remote Terminal Units) and that this reference is actually “My RTUs” — a management feature of SCADA.[47] Also, the number 19790509 appears once in the code and might refer to the date “1979 May 09”, the day Habib Elghanian, a Persian Jew, was executed in Tehran.[48][49][50] According to the New York Times a former member of the United States intelligence community speculated that the attack may have been the work of Unit 8200.[51] Yossi Melman, who covers intelligence for the Israeli daily newspaper Haaretz and is at work on a book about Israeli intelligence, also suspected that Israel was involved. He noted that Meir Dagan, head of the national intelligence agency Mossad, had his term extended in 2009 because he was said to be involved in important projects. Additionally, in the past year Israeli estimates of when Iran will have a nuclear weapon had been extended to 2014. “They seem to know something, that they have more time than originally thought”, he added.[8]

Additionally, in 2009, a year before Stuxnet was discovered, Scott Borg of the United States Cyber-Consequences Unit had suggested that Israel might prefer to mount a cyber-attack rather than a military strike on Iran’s nuclear facilities.[52] According to Borg this kind of attack could involve disrupting sensitive equipment such as centrifuges using malware introduced via infected memory sticks: “Since the autumn of 2002, I have regularly predicted that this sort of cyber-attack tool would eventually be developed … Israel certainly has the ability to create Stuxnet and there is little downside to such an attack, because it would be virtually impossible to prove who did it. So a tool like Stuxnet is Israel’s obvious weapon of choice.”[53] There has also been speculation on the involvement of NATO, the United States and other Western nations.[54] It has been reported that the United States, under one of its most secret programs, initiated by the Bush administration and accelerated by the Obama administration, has sought to destroy Iran’s nuclear program by novel methods such as undermining Iranian computer systems.[55] However, solid evidence pointing to Western (and specifically American) involvement has been scarce.

Though Israel has not publicly commented on the Stuxnet attack, it has since confirmed that cyberwarfare is now among the pillars of its defense doctrine, with a military intelligence unit set up to pursue both defensive and offensive options.[56][57]

Symantec claims that the majority of infected systems were in Iran (about 60%),[58] which has led to speculation that it may have been deliberately targeting “high-value infrastructure” in Iran[6] including either the Bushehr Nuclear Power Plant or the Natanz nuclear facility.[25] Ralph Langner, a German cyber-security researcher, called the malware “a one-shot weapon” and said that the intended target was probably hit,[59] although he admitted this was speculation.[25]

There are reports that Iran’s uranium enrichment facility at Natanz was the target of Stuxnet and that the site sustained damage because of it, causing a sudden 15% reduction in its production capabilities. There was also a previous report by WikiLeaks disclosing a “serious nuclear accident” at the site in 2009.[9][43][60][61][62][63] According to statistics published by the Federation of American Scientists (FAS), the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 beginning around the time the nuclear incident WikiLeaks mentioned would have occurred.[64] On November 23 it was announced that, due to a series of major technical problems in Natanz, Iran had to temporarily cease its uranium production altogether.[65][66]

The name is derived from some keywords discovered in the software.[53] The whole Stuxnet code has not yet been decrypted, but among its peculiar capabilities is a fingerprinting technology which allows it to precisely identify the systems it infects. It appears to be looking for a particular system to destroy at a specific time and place. Once it has infected a system it performs a check every 5 seconds to determine if its parameters for launching an attack are met. The worm appears programmed to cause a catastrophic physical failure; early speculation on methods had included overriding turbine RPM limits, shutting down lubrication or cooling systems, or sabotaging the high-speed spinning process of centrifuge arrays at Iran’s Natanz nuclear facility;[59][67] in November 2010, according to The New York Times, experts at Symantec found that the worm speeds up rotation rates for the accelerators to the point where they break.[68] The complex code of Stuxnet looks for a very particular type of system and controller, namely frequency converters made by the Iranian company Fararo Paya and the Finnish company Vacon.[68][69][70]

Iranian reaction

The Associated Press reported that the semi-official Iranian Students News Agency released a statement on 24 September 2010 stating that experts from the Atomic Energy Organization of Iran met in the previous week to discuss how Stuxnet could be removed from their systems.[4] Western intelligence agencies have been attempting to sabotage the Iranian nuclear program for some time, according to analysts.[71][72]

The head of the Bushehr Nuclear Power Plant told Reuters that only the personal computers of staff at the plant had been infected by Stuxnet and the state-run newspaper Iran Daily quoted Reza Taghipour, Iran’s telecommunications minister, as saying that it had not caused “serious damage to government systems”.[40] Director of Information Technology Council at the Iranian Ministry of Industries and Mines, Mahmud Liaii has said that: “An electronic war has been launched against Iran… This computer worm is designed to transfer data about production lines from our industrial plants to locations outside Iran.”[73]

It is believed that infection had originated from Russian laptops belonging to Russian contractors at the site of Bushehr power plant and spreading from there with the aim of targeting the power plant control systems.[74][75][76] In response to the infection, Iran has assembled a team to combat it. With more than 30,000 IP addresses affected in Iran, an official has said that the infection is fast spreading in Iran and the problem has been compounded by the ability of Stuxnet to mutate. Iran has set up its own systems to clean up infections and has advised against using the Siemens SCADA antivirus since it is suspected that the antivirus is actually embedded with codes which update Stuxnet instead of eradicating it.[77][78][79][80]

According to Hamid Alipour, deputy head of Iran’s government Information Technology Company, “The attack is still ongoing and new versions of this virus are spreading.” He reports that his company had begun the cleanup process at Iran’s “sensitive centres and organizations.”[78] “We had anticipated that we could root out the virus within one to two months, but the virus is not stable, and since we started the cleanup process three new versions of it have been spreading,” he told the Islamic Republic News Agency.[80]



Domestic raw material

Brazil exports seventy tonnes of bee propolis a year for medicinal purposes, a market worth 25 million dollars. The main buyers are Japan, the United States, Germany and China.

The intense international interest is due to a little-known type of propolis: green propolis. Reporter Ivaci Matias produced a special report on propolis.

Green propolis is special because more than seventy different chemical compounds have already been isolated from it. Some are being used successfully in the treatment of cancer.

To make green propolis, the common honeybee, the same one used in commercial honey production, takes resin from the plant, much like collecting resin from a tree trunk, where it forms that sticky gum.

To better understand the process, Globo Rural takes a tour inside the bud of this miraculous plant exploited by the bee.

A magnified image under the microscope shows the plant’s internal channels. The bees’ aim is to reach the red pouches, which hold powerful essences in the form of resin.

They are produced by a plant that is very common in Minas, alecrim-do-campo. The resin serves to defend the alecrim buds against disease and to repel insects such as ants. The bee keeps working, gnawing, seeking the liquid part of the new growth. It can be seen depositing the resin on its legs. That same resin is found in the finished propolis.

About 100 thousand bees live in an ordinary swarm, which favours the appearance of diseases caused by viruses, fungi and bacteria. To protect the place where they live, they make propolis. The name comes from Greek: “pro” means in favour of and “polis” means city.

Humans have known the medicinal powers of propolis since antiquity. What is new is the discovery of green propolis, made from the resin of alecrim-do-campo.

In Minas Gerais, vassourinha, or alecrim-do-campo, is found in large quantities in pastures. It is considered an invasive plant, a real pest in the region. It likes poor, acidic soil. It appears close to “rabo de burro”, a plant that indicates acidic soil.

Before its medicinal virtues were discovered, alecrim-do-campo was used to make brooms by hand and also to sweep the ashes out of wood-fired ovens, leaving its scent on the polvilho biscuits. That is why it is also called vassourinha. It belongs to the same family as chamomile and the sunflower.

Vassourinha is native to central Brazil but can be found in almost every region of the country. The Portuguese named it alecrim-do-campo because it closely resembles the rosemary (alecrim) brought from Europe for use as a seasoning.

The male and female plants are easy to tell apart: the female plants have closed, cup-shaped flowers and the male plants have open ones. Today there is worldwide interest in green propolis, produced from the resin of alecrim-do-campo.

In the municipality of Cotia, in Greater São Paulo, a Japanese company has invested a great deal of money in setting up a laboratory that processes green propolis. It buys from producers in Minas Gerais. After processing, the propolis is analysed in the laboratory and exported to Japan. The company has propolis in powder form. Yoko Schimizo, the company’s manager, says that in this process the propolis keeps all its qualities and loses the strong taste characteristic of the product. “It becomes much lighter and easier to take.”

In the city of Campinas, in the interior of São Paulo state, through the work of biologist Maria Cristina Marcucci, Fapesp (Fundação de Amparo à Pesquisa, the research support foundation) registered two patents for medicines extracted from alecrim-do-campo propolis. One of these remedies can be used very effectively to kill bacteria that cause hospital infections; the other fights bacteria that cause tooth decay. “About 30 compounds from green propolis have been patented, including the biological activity each one shows,” says the biologist.

Asked whether the patents are Brazilian, she replies: “Unfortunately, I cannot say that; most come from Japan. The Japanese have all this interest because green propolis has numerous therapeutic and biological properties, starting with its antibacterial activity; it acts against microorganisms, acts on the immune system, preventing the onset of disease, and also acts on tumours.”

The compounds of alecrim-do-campo are also being studied in Minas Gerais, at the Fundação Ezequiel Dias in Belo Horizonte. Biologist Ester Bastos, a specialist in the subject, adds other reasons for foreign laboratories’ interest in green alecrim propolis. According to her, this propolis has a large quantity of acids from the terpene group, which are very effective in the prevention and treatment of cancer. “In Japan, a substance was isolated from this propolis that is active against tumour cells, and it has already been patented in Japan, even though the product is Brazilian. It is likely that a medicine based on this substance will be launched soon and we will have to pay royalties to use it.”

To see the Japanese interest in green propolis up close, Globo Rural went to the other side of the world. In the city of Yokohama, near Tokyo, reporter Mitsuo Kawasaki spoke with Dr Kaoru Maeda, a professor at the Tokyo faculty of Medicine and a cancer specialist. “The first time I used propolis in cancer treatment was 25 years ago. We had several patients undergoing chemotherapy; we prescribed propolis to only two of them, and only they did not show the side effects of the treatment, such as hair loss and loss of the body’s resistance. But we do not prescribe it just any way: first we do the molecular resonance test and start a diet to increase the patient’s immune resistance. Green propolis comes in as part of that diet. It is not a medicine, but if you ask me where it acts, I will say that it attacks cancer cells and kills bacteria and viruses that appear along with the tumours. With this method, we have treated several different types of cancer and achieved a cure in more than 90% of cases.”

At the foot of Mount Fuji, in central Japan, lives Professor Hyrofume Naito, a member of the Japanese Society of Apitherapy, the science that uses bee products to cure diseases. Besides propolis, Professor Naito uses bee venom. He removes the stinger, which comes with a small sac of venom, and performs acupuncture over the patient’s whole body. The professor explains why the acids of the terpene group, present in green alecrim propolis, fight cancer. He says that over the last fifteen years or so, the cause of several human diseases, for example stomach and liver cancer, has been attributed to the oxidation of cells. “Many natural products are effective in combating the free radicals that cause cell oxidation; they are the so-called antioxidants, but none of them so far has proved more effective than green propolis.”

Shuzo Assumassa is one of Professor Naito’s patients. He says he has prostate cancer and that propolis has greatly helped his body withstand chemotherapy. “I am feeling well and so far I have not even lost my hair,” he says.

Mrs Stsuco Kobaiachi calls herself an unconditional fan of green propolis; she says she takes two capsules a day to treat asthma. She says she is doing very well and adds that several members of her family use Brazilian propolis to fight another ill, premature ageing.

But in Brazil, too, there is research aimed at preventing and treating cancer using the essences of propolis. At the Unesp faculty of Medicine in Botucatu, researcher Deisy Salvatori coordinates a study that tested propolis in rats with cancerous tumours in the oesophagus. The cancer was induced by injecting chemical products. “We observed that the animals in the group that received propolis showed a lower frequency of lesions, both DNA lesions, which are the lesions that start the cancer process, and the lesions seen after surgery on the animal in which the intestine is exposed; it is possible to see that the changes in the mucosa of the colon decrease.”

According to the biologist, this means that propolis had an inhibiting effect on the formation of cancer. “It prevents the action of compounds that are carcinogenic, but these results are preliminary for us to be able to say that propolis has a therapeutic effect. It has the effect of preventing, not curing, cancer.”