Stuxnet.A creates the following files:
* MRXCLS.SYS and MRXNET.SYS, in the folder drivers of the Windows system directory. These files belong to the malware detected as Rootkit/TmpHider. [B]These files have the digital signatures of certain companies, which have been supposedly stolen from them. The aim is to pass themselves as legitimate files.[/B]
Please explain more about bold files
Stuxnet.A creates several random mutexes, in order to ensure that only a copy of the worm is active at any moment.
if it wants to make sure only one stux is running then it must create mutex for evey computer. what does it mean by several random mutexes?
which resource locks by this mutex?
Also Stuxnet is just for attacking some industrial systems, not home or office systems. And their mainly target were iran factories or industries, and china ones. Don't worry it wont do anything on any home or office pc, unless they are in the specific target list of stuxnet.
Basically it means that this virus creates multiple values (files/registry entries) that it checks to see if that system is already infected and by which version of virus.
The Department of Homeland Security (DHS) and a team at the national lab have reverse-engineered and decoded Stuxnet
May someone explain about how to decode stuxnet?
It possible to reverse engineer pretty much any program, however its a complex business. And you would need some knowledge at least of shellcoding and assembly.
There is a dossier available on Stuxnet, I read it a few weeks back, it was made by Symantec and is about 60 pages long but it is a good read.
All the best,
Is there anyone to explain how to decode stuxnet?May you explain more about how to decode it? Is it by assembly?
Stuxnet is one of most advanced malware known to general public. It is made by highly skilled developers with the aim to make reverse engineering it very difficult, even for people who possess necessary skills and resources. And yet you wish to reverse engineer it yourself... Google for disassembly, malware forensics. Look through giac.org / sans.org certification materials and whitepapers on software forensics. Or to get the picture - try figuring out the exact algorithm of tracert.exe utility that comes with windows.