
How do I get a flash drive infected with stuxnet?


I downloaded Stuxnet from http://tuts4you.com/download.php?view.3011. The files seem valid, as I scanned the contents at VirusTotal. Then I inserted a flash drive and executed the dropper.exe file. According to Microsoft (http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx), the dropper (TrojanDropper:Win32/Stuxnet.A) should drop the following into the system:

Worm:Win32/Stuxnet.A
Trojan:WinNT/Stuxnet.A
Trojan:WinNT/Stuxnet.B (initially called VirTool:WinNT/Rootkitdrv.HK)
Trojan:Win32/Stuxnet.A
Worm:Win32/Stuxnet.B

Although it seemed to have triggered some components of Stuxnet (the shortcut and tmp files got hidden, so the rootkit was on its way), I am unable to trigger Worm:Win32/Stuxnet.A (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32%2fStuxnet.A), which is responsible for infecting flash drives. I kept the flash drive attached to the system during the entire process but couldn't find any new files being created.

I need an infected USB drive because I want to analyse how Stuxnet propagates. The Copy of Shortcut to.lnk file present in the downloaded copy won't work with my flash drive because it has a target specific to the Kingston DataTraveler 2.0 (you can see the location by opening the file in a hex editor). Also, I tried this out on an XP SP2 system (no anti-virus installed), both with and without STEP 7 installed (Ver: STEP 7-Micro/WIN test version 4.0 E).

Anyone with any directions?

hila
