Many hands cooperated to build Stuxnet worm

05 November 2010

More than 30 people built the Stuxnet worm, noted Brian Tillett, an information security researcher at Symantec. Stuxnet has attacked a range of targets including Iranian nuclear facilities and Chinese computers.

Tillett told the IdentEvent 2010 conference held this week that he found traces of more than 30 programmers in the Stuxnet worm source code, according to a report on The Atlantic magazine website.

Also, the peer-to-peer network built into the Stuxnet worm was encrypted to FIPS 140-2 standards, according to Tillett.

As previously reported by Infosecurity, the Stuxnet worm is a specialized malware targeting supervisory control and data acquisition (SCADA) systems, which monitor and control industrial processes, such as those in nuclear power plants or in facilities for water treatment.

The Stuxnet worm uses several vulnerabilities in the underlying Windows operating system for infection and propagation. Infection works via USB drives or open network shares. A rootkit component hides the content of the malware on infected systems. An infected system can usually be controlled remotely by the attacker. In the end this means that the attacker can gain full control of the facility.

According to a Symantec white paper, there were 100 000 hosts infected by the Stuxnet worm, and over 40 000 unique external IP addresses in over 155 countries, as of Sept. 29, 2010. Most of the Stuxnet infections were in Iran, with Indonesia a distant second, and India third.

The concentration of infections in Iran indicates that this was the initial target for infections.

“While Stuxnet is a targeted threat, the use of a variety of propagation techniques…has meant that Stuxnet has spread beyond the initial target. These additional infections are likely to be ‘collateral damage’ – unintentional side-effects of the promiscuous initial propagation methodology utilized by Stuxnet. While infection rates will likely drop as users patch their computers against the vulnerabilities used for propagation, worms of this nature typically continue to be able to propagate via unsecured and unpatched computers”, the Symantec researchers concluded.
