Stuxnet is computer malware, first discovered in July 2010, that mainly targeted Windows PCs along with industrial software and equipment. The worm exploited a zero-day vulnerability in Windows. It is believed that Stuxnet spread through infected USB flash drives.
Stuxnet was designed to attack only designated targets and was thus considered a technical blockbuster in malware. It caused little (or no) harm to computers and networks that did not meet its specific requirements. The worm would make itself inert on systems where the Siemens software was not found, and it limited each infected computer to spreading the worm to no more than three others. Stuxnet was designed to erase itself on June 24, 2012.
Stuxnet is believed to be the first malware ever discovered that subverted industrial systems. Infected computers in Iran represented 60% of all computers infected with Stuxnet.
Unbeknownst to Microsoft, Stuxnet used four unpatched vulnerabilities, otherwise known as zero-days, to affect corporate networks. Once the worm had gained access, it would attack specific machines that managed Siemens Supervisory Control and Data Acquisition (SCADA) systems. The Stuxnet worm infects programmable logic controllers (PLCs) with a rootkit by subverting the Step 7 software application, which is used to reprogram this type of equipment.
Iran was heavily hit by Stuxnet, as several variants of the worm targeted five big Iranian companies, including those involved in uranium enrichment infrastructure.
Among other things, Stuxnet includes a program for a man-in-the-middle attack that mimics industrial process control sensor signals. This prevents an infected computer from shutting down due to an ABEND, or program crash.
Security researchers who examined Stuxnet believe that its sophistication and multipronged approach suggest that it was designed by talented professionals, perhaps acting on behalf of government(s).