SWAM: Stuxnet Worm Analysis in Metasploit

Nowadays cyber security is becoming a great challenge. Attacker´s community is progressing towards making smart and intelligent malwares (viruses, worms and Root kits). They stealth their existence and also use administrator rights without knowing legal user. Stuxnet worm is an example of a recent malware first detected in July 2010. Its variants were also detected earlier. It is the first type of worm that affects the normal functionality of industrial control systems (ICS) having programmable logic controllers (PLC) through PLC Root kit. Its main goal is to modify ICS behavior by changing the code of PLC and make it to behave in a way that attacker wants. It is a complex piece of malware having different operations and functionalities which are achieved by exploiting zero day vulnerabilities. Stuxnet exploits various vulnerable services in Microsoft Windows. In this paper we will show real time simulation of first three vulnerabilities of these through Metasploit Framework 3.2 and analyze results. A real time scenario is established based on some assumptions. We assumed Proteus design (pressure sensor) as PLC and showed after exploitation that the pressure value drops to an unacceptable level by changing Keil code of this design.