It is the first-ever computer worm to include a PLC rootkit. It is also the first known worm to target critical industrial infrastructure. Furthermore, the worm's probable target is said to have been high-value infrastructure in Iran using Siemens control systems. According to news reports, the infestation by this worm might have damaged Iran's nuclear facilities in Natanz and eventually delayed the start-up of Iran's Bushehr Nuclear Power Plant. Siemens has stated, however, that the worm has not in fact caused any damage.
Speaking at the Kaspersky Security Symposium with international journalists in Munich, Germany, Kaspersky described Stuxnet as the opening of "Pandora's Box."
"This malicious program was not designed to steal money, send spam, grab personal data, no, this piece of malware was designed to sabotage plants, to damage industrial systems," he said.
"I am afraid this is the beginning of a new world. 90-ies were a decade of cyber-vandals, 2000's were a decade of cybercriminals, I am afraid now it is a new era of cyber-wars and cyber-terrorism," Kaspersky added.
Researchers at Kaspersky Lab discovered two of the four zero-day vulnerabilities the worm exploits, which they reported directly to Microsoft. The analysts then worked closely with Microsoft during the creation and release of the patches for these vulnerabilities.
Country | Infected Computers |
---|---|
China | 600,000,000 (unconfirmed) (October 1) |
Iran | 62,867 |
Indonesia | 13,336 |
India | 6,552 |
United States | 2,913 |
Australia | 2,436 |
Britain | 1,038 |
Malaysia | 1,013 |
Pakistan | 993 |
Finland | 7 |
Germany | 5 (September) |
What does it do?
The reporting on this question has been maddeningly vague. Siemens says that Stuxnet "can theoretically influence specific processes and operations in a very specific automation environment or plant configuration in addition to passing on data," though it has been unable to verify that finding in testing. Supposedly, the worm was designed to send data to a server in Malaysia, which may or may not have been a "command center" that could seize control of PLCs or Programmable Logic Controllers, components used to operate and monitor industrial machinery. The consensus among people who've studied the code seems to be that its aim is sabotage, not simply espionage. But exactly how that was supposed to work remains unclear.
Ok, in theory: what could it do?
A: It could adjust motors, conveyor belts, pumps. It could stop a factory. With the right modifications, it could cause things to explode.
Can it spread via other USB devices?
A: Sure, it can spread via anything that you can mount as a drive, like a USB hard drive, mobile phone, picture frame and so on.
Disabling AutoRun in Windows will stop USB worms, right?
A: Wrong. There are several other spreading mechanisms USB worms use. The LNK vulnerability used by Stuxnet would infect you even if AutoRun and AutoPlay were disabled.
The current versions have a "kill date" of June 24, 2012. It will stop spreading on this date.