The first unprecedented fact is the amount of zero-day exploits this malware uses: four, including this vulnerability I wrote about a little while ago. The second is the techniques it uses to infect and spread, including rootkit technology. The third is its size, unusually big for a virus. The forth is the fact that it uses two different stolen digital certificates to pretend being legit software and thus adding to its stealthiness. So it wasn’t long before it became evident that the amount of resources that came into play to generate such piece of malware, dubbed “the first cyber super-weapon” and “best malware ever”, were probably state-backed. Speculations have been flying around as to what is its country of origin. It apparently has been seen infecting industrial computer systems in Iran. It is very cleverly programmed. Although its main attack vector (entrance point) is USB flash drives, it is programmed to infect no more than 3 computers per infected USB flash drive, so it doesn’t spread too fast and thus it adds to its stealthiness.

One last thing about stuxnet, and this is the icing on the cake: the subject is so trendy that if you were to search for “stuxnet” on Google and other search engines, some of the search results are landing users in malicious websites that will infect your computer (not with stuxnet) in the usual drive-by download infection technique I’ve covered before. For the common user, it is ironically the most dangerous aspect of stuxnet.