Stuxnet is a new piece of malware that is spreading widely through the use of USB flash drives. It is starting to be quite a danger, especially in industrial plants, and many in the security business are getting very nervous. What follows is an FAQ about the Stuxnet malware.
How does Stuxnet spread?
Stuxnet spreads through USB devices. A recently discovered Microsoft Windows vulnerability has been found to allow a program to run just by browsing to a folder that contains a shortcut to it, or a ".lnk" file. Once the worm runs it scans to see if the computer is running software created by a company known as Siemens, which is very popular in certain industries. If this is the case, the worm is able to install itself on the victim computer. It will infect all future removable media that is connected to the computer and installs a rootkit, a very sophisticated type of software that deletes all record of the worm existing on the computer. After that the computer continues to steal as much data as possible from the computer and transmit it back to a remote location.
What does Stuxnet do?
Stuxnet is considered by many people to be the first-ever "control system" malware. What this means is that it has the capability of infecting control systems for large companies and factories that use software created by Siemens. Unfortunately, this software is very widely used, especially in large industrial manufacturing organizations, small and large utilities, and even defense systems. In one case it was found that this software could infect nuclear-powered aircraft carriers.
How widespread is Stuxnet and where is it most common?
At the moment Stuxnet is not that widespread. It is most common in India, Indonesia, Iran, Pakistan, Afghanistan, the United States, and Malaysia, in that order. However, it has the potential to spread very rapidly. It only affects computers running Siemens software, but computers without that software can still act as "carriers," infecting other removable media that is inserted into them. Other countries have seen infections, but mostly they have been localized and have not caused any damage so far.
How dangerous is Stuxnet?
This is always the big question with a large virus outbreak. Right now Stuxnet is not that dangerous. Unfortunately, it is targeted at "Control Systems." Siemens is most known for making software for sophisticated systems used in such areas as the military, large industrial plants, and utility plants. If any of these were to be infected the damage could be irreparable. The infection is clearly tailored to steal confidential information and possibly shut down "smart grids." Therefore, while it is not a danger to consumers, any large corporation or plant must be very careful to avoid this infection.