nuclear-news

How the Stuxnet computer worm works

The attack is still ongoing and new versions of this virus are spreading,

Report: Stuxnet Worm Attacks Iran, Who is Behind It?  PCMag.com 28 Sept 10,   By: Chloe Albanesius, Larry SeltzerThe Stuxnet worm has already infected 30,000 IP addresses in Iran and is still mutating, according to Monday press reports.

“The attack is still ongoing and new versions of this virus are spreading,” Hamid Alipour, deputy head of Iran’s Information Technology Company, was quoted as saying by IRNA, Iran’s official news agency, AFP reported……It also also affected India, Indonesia, and Pakistan, but Iran appears to be affected most…..

The worm drops itself on the system and adds a link to that copy on any removable drives. Loading that drive on another system exploits the LNK vulnerability and loads the malware automatically on that system.

This was impressive enough when it came to light, but in fact Stuxnet uses three other zero-day vulnerabilities to spread under various circumstances. To make the programs look legitimate, at least two compromised code signing certificates of legitimate companies were used to sign the malicious code, perhaps letting it slip through other defenses.

Together, all this sets a new record of Bob Beamon caliber and definitely merits further scrutiny.

Another aspect of Stuxnet that stood out early on was that the actual purpose behind all the sophisticated penetration is to locate and take control of SCADA systems. If it finds such systems, it attempts to steal code and design projects. But wait, there’s more.

Stuxnet also looks for a programming interface to PLCs (Programmable Logic Controllers) to inject its own code in that PLC. It also monitors access to the PLCs so that when someone attempts to view the code on them, the injected code is not viewed. This makes Stuxnet a new kind of rootkit.

Report: Stuxnet Worm Attacks Iran, Who is Behind It? | News & Opinion | PCMag.com

September 28, 2010 - Posted by Christina Macpherson | 2 WORLD, technology