The Stuxnet virus, which infiltrates the systems used to run factories and parts of the critical infrastructure in manufacturing and utility companies, was only discovered in June this year.
However, that hasn't stopped the malware from spreading quickly, or from being labelled by some researchers as a "groundbreaking" piece of malware.
In fact, it's so devious in its use of unpatched vulnerabilities that the security researchers who tore it apart believe it may be the work of state-backed professionals.
"It's amazing, really, the resources that went into this worm," said Liam O Murchu, manager of operations with Symantec's security response team.
"I'd call it groundbreaking," said Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab. In comparison, other notable attacks, like the one dubbed Aurora that hacked Google's network and those of dozens of other major companies, were child's play.
O Murchu and Schouwenberg should know: They work for the two security companies that discovered that Stuxnet exploited not just one zero-day Windows bug but four - an unprecedented number for a single piece of malware.
Stuxnet, which was first reported in mid-June by VirusBlokAda, a little-known security firm based in Belarus, gained notoriety a month later when Microsoft confirmed that the worm was actively targeting Windows PCs that managed large-scale industrial-control systems in manufacturing and utility firms.
Those control systems are often referred to using the acronym SCADA, for 'supervisory control and data acquisition'. They run everything from power plants and factory machinery to oil pipelines and military installations.
At the time it was first publicly identified in June, researchers believed that Stuxnet - whose roots were later traced as far back as June 2009 - exploited just one unpatched, or 'zero-day', vulnerability in Windows and spread through infected USB flash drives.
Iran was hardest hit by Stuxnet, according to Symantec researchers, who said in July that nearly 60% of all infected PCs were located in that country.
On August 2, Microsoft issued an emergency update to patch the bug that Stuxnet was then known to exploit in Windows shortcuts.
But unbeknown to Microsoft, Stuxnet could actually use four zero-day vulnerabilities to gain access to corporate networks. Once it had access to a network, it would seek out and infect the specific machines that managed SCADA systems controlled by software from German electronics giant Siemens.

Comments
Matt Tysoe said: A non windows machine an insurance policy
Matt Tysoe said: What about AmigaOS 41
Christian said: Beppe Brillo: That may be true, but there is no denying the fact that a virus writer will always get a higher ROI when targeting MS OSes. A bank's system may be non-MS, but once you infect a few workstations on that network you're quids in, regardless of the server OS in many cases.
Beppe Brillo said: Christian: "The other OSes aren't worth targeting": not true. Maybe almost all desktops run winSomething, but most mission-critical servers, including big service providers, banking networks and other corporate users, run Unix or Linux or BSD. Microsoft never managed to become the near-monopolist in those sectors, not even the major player. For a cybercriminal, to target a non-Microsoft system IS worth a lot.
Christian said: Wow, joeobo, I wouldn't be so smug if I was you. Maybe Windows is targeted because, oh, say, pretty much every (give or take) computer on the planet runs on it. The other OSes aren't worth targeting.
joeobo said: Why anyone would use Windows for mission-critical anything is totally beyond me. Why is it the press ALWAYS leaves out the most important part in all virus coverage: ONLY AFFECTS MS WINDOWS.
mcburnie said: Iran was hardest hit, wonder why.
bob said: Surely the main reason why Linux isn't as troubled by viruses is because virtually no-one uses it. If everyone switches to Linux then so will the virus writers, and it will be just as bad as before - probably worse actually, as there wouldn't be the resources of Microsoft to fix any bugs found.
ND said: Linux, anyone?
Mark Simpson said: There is another possibility - it's Skynet. Taking control of manufacturing machines so it can build Terminators lol
onion said: holy cow, that's some real scary stuff