
Why Stuxnet could be the best malware ever

Experts believe worm could be state-backed

The Stuxnet virus, which infiltrates the systems used to run factories and parts of the critical infrastructure in manufacturing and utility companies, was only discovered in June this year.

However, that hasn't stopped the malware spreading quickly, and it has even been labelled by some researchers as a "groundbreaking" piece of malware.

In fact, it's so devious in its use of unpatched vulnerabilities that the security researchers who tore it apart believe it may be the work of state-backed professionals.

"It's amazing, really, the resources that went into this worm," said Liam O Murchu, manager of operations with Symantec's security response team.

"I'd call it groundbreaking," said Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab. In comparison, other notable attacks, like the one dubbed Aurora that hacked Google's network and those of dozens of other major companies, were child's play.

O Murchu and Schouwenberg should know: They work for the two security companies that discovered that Stuxnet exploited not just one zero-day Windows bug but four - an unprecedented number for a single piece of malware.

Stuxnet, which was first reported in mid-June by VirusBlokAda, a little-known security firm based in Belarus, gained notoriety a month later when Microsoft confirmed that the worm was actively targeting Windows PCs that managed large-scale industrial-control systems in manufacturing and utility firms.

Those control systems are often referred to using the acronym SCADA, for 'supervisory control and data acquisition'. They run everything from power plants and factory machinery to oil pipelines and military installations.

At the time it was first publicly identified in June, researchers believed that Stuxnet - whose roots were later traced as far back as June 2009 - exploited just one unpatched, or 'zero-day', vulnerability in Windows and spread through infected USB flash drives.

Iran was hardest hit by Stuxnet, according to Symantec researchers, who said in July that nearly 60% of all infected PCs were located in that country.

On August 2, Microsoft issued an emergency update to patch the bug that Stuxnet was then known to exploit in Windows shortcuts.

But unbeknown to Microsoft, Stuxnet could actually use four zero-day vulnerabilities to gain access to corporate networks. Once it had access to a network, it would seek out and infect the specific machines that managed SCADA systems controlled by software from German electronics giant Siemens.
