What is Stuxnet (computer worm)?
Stuxnet ist eine Computer-Malware, die erstmals im Juli 2010 entdeckt wurde und hauptsächlich auf Windows-PCs und andere industrielle Software und Geräte abzielte. Der Wurm hat eine Zero-day vulnerability in Windows ausgenutzt. Es wird vermutet, dass sich Stuxnet über infizierte USB-Sticks verbreitet.
The Stuxnet software is only intended to attack certain targets and was therefore seen as a technical blockbuster in malware. Stuxnet did little (or no) damage to computers and networks that did not meet the specific requirements. The worm would inactivate itself in systems where the Siemens software could not be found and prevent the infected computer from spreading the worm to more than three others. Stuxnet was designed to be deleted on June 24, 2012.
Stuxnet is believed to be the first malware to ever detect underdeveloped industrial systems. Infected computers in Iran accounted for 60% of all computers infected with Stuxnet.
What Microsoft didn't know, Stuxnet used four unpatched security holes, also known as zero-day vulnerabilities, that affect corporate networks. Once the worm gained access, it would attack certain machines that managed Siemens Supervisory Control and Data Acquisition (SCADA) systems. The Stuxnet worm infects the PLC rootkits by subverting the Step 7 software application, which is used to reprogram this type of device.
Iran was hit hard by Stuxnet as several Stuxnet variants targeted five large Iranian companies, including those involved in the uranium enrichment infrastructure.
Among other things, Stuxnet contains a program for a man-in-the-middle attack that mimics the sensor signals used in industrial process control. This prevents an infected computer from shutting down due to an ABEND or program crash.
Security researchers who have studied Stuxnet believe that its refinement and multi-faceted approach suggest that it was designed by talented professionals who may be acting on behalf of the government (s).