PrepAway - Latest Free Exam Questions & Answers

Which of the following worms was used in an act of cybe…

Which of the following worms was used in an act of cyber warfare against Iranian ICSs? (Select the best
answer.)

PrepAway - Latest Free Exam Questions & Answers

A.
Blaster

B.
Nachi

C.
Stuxnet

D.
Welchia

Explanation:
The Stuxnet worm was used in an act of cyber warfare against Iranian industrial control systems (ICSs).
Stuxnet is a Microsoft Windows worm that was discovered in the wild as early as 2008. It was written to target
specific ICSs by modifying code on programmable logic controllers (PLCs). Stuxnet initially exploited
vulnerabilities in the printer spooler service? however, later variants exploited a vulnerability in the way thatWindows processes shortcuts. Research from Symantec published in 2011 indicated that at the time, more
than 60% percent of the Stuxnetaffected hosts had been in Iran. Symantec analyzed Stuxnet and its variants
and discovered that five organizations were the primary targets of infection and that further infections were
likely collateral damage from the aggressive manner in which the worm spreads throughout the network. Given
the considerable cost in resources and manhours that would have been required to craft the Stuxnet worm, it
was theorized that it was likely intended to sabotage highvalue targets such as nuclear materials refinement
facilities.
Blaster is a worm that targeted a vulnerability in the Distributed Component Object Model (DCOM) Remote
Procedure Call (RPC) service on Microsoft Windows hosts. The worm carried a destructive payload that
configured the target host to engage in Denial of Service (DoS) attacks on Microsoft update servers.
Like Blaster, Welchia is a worm that targeted a vulnerability in the DCOM RPC service. In fact, Welchia
exploited the exact same vulnerability as the Blaster worm. Welchia was developed to scan the network for
vulnerable machines, infect them, and then remove the Blaster worm if present. It was even designed to
download and install the appropriate patch from Microsoft to fix the vulnerability that it and Blaster initially
exploited to infect the target machine. However, despite the goodnatured design intentions of the Welchia
worm, its networkscanning component inadvertently caused DoS attacks on several large networks, including
those of the United States armed forces. Welchia was also referred to by the name Nachi.

Cisco: Protecting Industrial Control Systems with Cisco IPS Industrial Signatures
Symantec: Security Response: W32.Stuxnet Dossier (PDF)


Leave a Reply