F-Secure says the emergence of Stuxnet is one of the main security developments of the decade

According to the IT security vendor, the highly complex Stuxnet Windows worm - discovered in June 2010 - is the first malware to target specific industrial systems.

The malware, says F-Secure, spreads via USB sticks and can also spread by copying itself to network shares if users have weak passwords once it is inside an organisation.

After infecting the system, Stuxnet hides itself with a rootkit and checks if the infected computer is connected to a Siemens Simatic factory system. Stuxnet can then make complex modifications to the system.

The veteran IT security firm says that its research suggests that Stuxnet has infected hundreds of thousands of computers around the world, but the large number of infections in Iran has led to speculation that it was designed by a government trying to sabotage Iran's nuclear programme.

It's not all about Stuxnet, however, as the report notes that there is a real danger of a global worm outbreak on iOS, whilst spam on social networks is fast becoming a serious problem.

The quarterly report notes that websites like Facebook and Twitter are attractive to malware writers because they spread information quickly, but this also means that Twitter and Facebook users can stop the spread of malware faster than before.

Sean Sullivan, a security advisor at F-Secure, said that social networks have built-in antibodies - their users.

"Whereas the malicious attacks of yesteryear took weeks or even months to develop, the recent Twitter attacks peaked and ebbed in just two and a half hours", he explained.

The biggest security story on the mobile front during Q3 has been the jailbreakme.com website, which made it possible to jailbreak an iPhone, iPad or iPod Touch simply by visiting the website with the device.

F-Secure notes that Jailbreakme.com used an exploit to execute code on the device and, according to Mikko Hypponen, the firm's chief research officer, anyone could have used the same vulnerability to execute malicious code on iPhones and iPads, which could have resulted in the first global mobile worm outbreak.

"Luckily this did not happen and Apple released a new version of iOS to patch the vulnerability on most of their platforms", he said, adding that, since 2004 there have only been 517 families of mobile viruses, worms and trojans.

What’s hot on Infosecurity Magazine?