Stuxnet history

Stuxnet is a Windows-specific computer worm first discovered in June 2010 by VirusBlokAda, a security firm based in Belarus. It is the first discovered worm that spies on and reprograms industrial systems. It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes. Stuxnet includes the capability to reprogram the programmable logic controllers (PLCs) and hide the changes.

It is the first-ever computer worm to include a PLC rootkit. It is also the first known worm to target critical industrial infrastructure. Furthermore, the worm's probable target is said to have been high-value infrastructure in Iran using Siemens control systems. According to news reports, the infestation by this worm might have damaged Iran's nuclear facilities in Natanz and eventually delayed the start-up of Iran's Bushehr Nuclear Power Plant. Siemens has stated, however, that the worm has not in fact caused any damage.

European digital security company Kaspersky Labs released a statement that described Stuxnet as "a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world." Kevin Hogan, Senior Director of Security Response at Symantec, noted that 60 percent of the infected computers worldwide were in Iran, suggesting its industrial plants were the target. Kaspersky Labs concluded that the attacks could only have been conducted "with nation-state support", making Iran the first target of real cyber warfare.

A study of the spread of Stuxnet by Symantec showed that the main affected countries as of August 6, 2010 were:[17]

Country          Infected Computers
China            6,000,000 (unconfirmed) (October 1)
Iran             62,867
Indonesia        13,336
India            6,552
United States    2,913
Australia        2,436
Britain          1,038
Malaysia         1,013
Pakistan         993
Germany          5 (September)

Stuxnet attacks Windows systems using four zero-day attacks (including the CPLINK vulnerability and a vulnerability used by the Conficker worm) and targets systems using Siemens' WinCC/PCS 7 SCADA software. It is initially spread using infected USB flash drives and then uses other exploits to infect other WinCC computers in the network. Once inside the system it uses the default passwords to command the software. Siemens, however, advises against changing the default passwords because it "could impact plant operations."

The complexity of the software is very unusual for malware. The attack requires knowledge of industrial processes and an interest in attacking industrial infrastructure. The number of zero-day Windows exploits used is also unusual, as zero-day Windows exploits are valued, and hackers do not normally waste four different ones in the same worm. Stuxnet is unusually large at half a megabyte in size, and it is written in different programming languages (including C and C++), which is also irregular for malware. It is digitally signed with two authentic certificates that were stolen from two certification authorities (JMicron and Realtek), which helped it remain undetected for a relatively long period of time. It also has the capability to upgrade via peer-to-peer, allowing it to be updated after the initial command and control server was disabled. These capabilities would have required a team of people to program, as well as to check that the malware would not crash the PLCs. Eric Byres, who has years of experience maintaining and troubleshooting Siemens systems, told Wired that writing the code would have taken many man-months, if not years.

A Siemens spokesperson said that the worm was found on 15 systems, with five of the infected systems being process manufacturing plants in Germany. Siemens claims that no active infections have been found and that there were no reports of damage caused by the worm.

 
