Describing a piece of code as the “best malware ever” seems a bit oxymoronic, but Stuxnet might actually fit the bill. The malware had been operating undetected since early this year before it was finally identified in June by a small security company in Belarus called VirusBlokAda.
Researchers from both Kaspersky and Symantec say they have never seen a piece of malware use so many avenues of attack. “That’s really, really crazy,” Liam O Murchu of Symantec told InfoWorld. … Stuxnet boasts a laser-like focus. It specifically targets so-called SCADA systems that control large-scale industrial facilities like factories, power plants, oil pipelines and even military installations. Once inside a network, often after being introduced on an infected USB drive, the worm spreads quietly and passes new instructions to industrial machinery attached to the network.
The worm went largely undetected because its creators intentionally limited its spread. Each infected machine could pass Stuxnet to only three additional machines, and it would only target those that had SCADA software installed. The malware also used two stolen digitally signed certificates to avoid detection by security software. “The organization and sophistication to execute the entire package is extremely impressive,” said Roel Schouwenberg, a researcher at Kaspersky.
Stuxnet is so sophisticated that both Schouwenberg and O Murchu told InfoWorld they doubt that it could be the work of an elite cybercrime gang or a single hacker. “They wanted to reprogram the PLCs (programmable logic controls) and operate the machinery in a way unintended by the real operators. That points to something more than industrial espionage,” O Murchu said. Schouwenberg followed by saying “the most plausible scenario is a nation state-backed group.”
Stuxnet seems to be clearly targeted at Iranian facilities, which leaves us with one major question: who is brazen enough to start a cyber-war with the notoriously unpredictable country?
September 17, 2010
Stuxnet Worm Is Straight Out of a Cyber Espionage Thriller
