You may have read about it on the news. Stuxnet is the name of this piece of malware. Before you get the impulse of turning off your computer after you read about what it can do, let me say that this one targets specific windows based computers that manage industrial control systems (ICS), so the normal user computer is not a target, although that doesn’t mean your computer cannot get infected by it. It’s just not going to make your computer the target of its payload (what the virus does when it becomes active or executes). But even that is one of the remarkable things about this piece of malware – we’ll circle back to that.
The first unprecedented fact is the amount of zero-day exploits this malware uses: four, including this vulnerability I wrote about a little while ago. The second is the techniques it uses to infect and spread, including rootkit technology. The third is its size, unusually big for a virus. The forth is the fact that it uses two different stolen digital certificates to pretend being legit software and thus adding to its stealthiness. So it wasn’t long before it became evident that the amount of resources that came into play to generate such piece of malware, dubbed “the first cyber super-weapon” and “best malware ever”, were probably state-backed. Speculations have been flying around as to what is its country of origin. It apparently has been seen infecting industrial computer systems in Iran. It is very cleverly programmed. Although its main attack vector (entrance point) is USB flash drives, it is programmed to infect no more than 3 computers per infected USB flash drive, so it doesn’t spread too fast and thus it adds to its stealthiness.
One last thing about stuxnet, and this is the icing on the cake: the subject is so trendy that if you were to search for “stuxnet” on Google and other search engines, some of the search results are landing users in malicious websites that will infect your computer (not with stuxnet) in the usual drive-by download infection technique I’ve covered before. For the common user, it is ironically the most dangerous aspect of stuxnet.