Stuxnet is a dangerous computer worm which was found on 17th June 2010. A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself. It was discovered by Sergey Ulasen from a Belarusian antivirus company VirusBlokAda, and initially spread via Microsoft Windows which targeted Siemens industrial control systems.
Features
Stuxnet specifically targets programmable logic controllers (PLCs), which allow the automation of electromechanical processes such as those used to control machines. Stuxnet has three modules: a worm that executes all routines related to the main payload of the attack, a link file that completes the copies of the worm and a rootkit component responsible for hiding all malicious files and prevents detection of Stuxnet. It is typically introduced to the target environment via an infected USB flash drive. The worm initially spreads normally, but includes a highly specialized malware payload that is designed to target only Siemens supervisory control systems that are configured to control and monitor specific industrial processes.
Incidents and Possible Exposure
Many countries have been affected by the worm, but Iran remains the highly affected country at 58.9%. It was first installed on a computer at the Natanz Nuclear Facility in 2009 which caused significant damage to Iran’s nuclear facility. The virus sabotaged Iran’s uranium enrichment facilities by causing technical problems. Stuxnet is claimed to be a cyberweapon built jointly by the two countries in a collaborative effort known as Operation Olympic Games. The worm was used to alter the speed of centrifuges which could have resulted in accidents. International Atomic Energy Agency (IAEA) cameras installed in the Natanz facility recorded removal of approximately 900–1,000 centrifuges. However, the centrifuges were quickly replaced and the report concluded that uranium enrichment was briefly disrupted.
Avoiding Attacks
Siemens has released a detection and removal tool for Stuxnet. Siemens recommends contacting customer support if an infection is detected and advises installing Microsoft updates for security problems and prohibits the use of third-party USB flash drives.
