Sophisticated Stuxnet malware is approaching 18 months old

According to the report, the majority of infections were found in Iran and the worm contains a number of new and sophisticated features such as the ability to self-replicate through removable drives, exploiting a vulnerability that allows auto-execution.

The research, which was authored by Nicolas Falliere, Liam Murchu, and Eric Chien, observes that Stuxnet is a threat targeting a specific industrial control system, likely in Iran, such as a gas pipeline or power plant.

The ultimate goal of the malware, says the study, is to sabotage the Iranian facilities by reprogramming programmable logic controllers (PLCs) to operate as the attackers intend them to - i.e. outside of their specified boundaries.

The report reveals that Stuxnet is a complex piece of code that generates no fewer than 32 payload exports and can spread in multiple environments, including in local area networks using a vulnerability in the Windows print spooler, as well as tapping Windows Server to hit smaller enterprises.

One interesting feature, Infosecurity notes, is the malware's ability to fingerprint a specific industrial control system and modify code on the Siemens PLCs to potentially sabotage the system.

The report is highly technical, but its conclusions are profound, as it says that Stuxnet represents a milestone in malicious code terms, since it is the first to exploit four zero-day vulnerabilities, compromise two digital certificates, and inject code into industrial control systems - and hide the code from the operator.

"Whether Stuxnet will usher in a new generation of malicious code attacks towards real-world infrastructure - overshadowing the vast majority of current attacks affecting more virtual or individual assets - or if it is a once-in-a-decade occurrence remains to be seen", concludes the report.

"Stuxnet is of such great complexity - requiring significant resources to develop - that few attackers will be capable of producing a similar threat, to such an extent that we would not expect masses of threats of similar sophistication to suddenly appear", the study says.

"However, Stuxnet has highlighted direct-attack attempts on critical infrastructure are possible and not just theory or movie plotlines", it adds.

"The real-world implications of Stuxnet are beyond any threat we have seen in the past. Despite the exciting challenge in reverse engineering Stuxnet and understanding its purpose, Stuxnet is the type of threat we hope to never see again."


