Stuxnet ‘much more sophisticated than Aurora’

gallery

Stuxnet is considerably more impressive than the malicious software used in the Aurora attack that hit Google last year, according to a threat researcher.

The Stuxnet worm is far more sophisticated than the malware which, according to Google, emanated from China and was used to steal intellectual property from the search giant, claimed Stefan Tanase, a senior security researcher from Kaspersky.

Speaking at a press event in Munich, Tanase noted how Stuxnet can be controlled in two different ways – via a command and control centre, as well as through peer-to-peer connections, where infected machines communicate with one another.

This dual power means Stuxnet can update even when a command and control centre is taken out – something the Aurora malware was unable to do.

Furthermore, Stuxnet exploits vulnerabilities in Windows operating systems from XP through to Windows 7. Aurora only exploited a flaw in Internet Explorer 6, a notably old version of the browser.

The worm also uses stolen signatures from two different companies to dupe people into downloading what they believe to be a legitimate file. This makes it difficult for anyone to know which files to trust and signed malware is likely to become more prevalent in the future, Tanase claimed.

“Stuxnet is the first moment where cyber crime is moving from pick-pocketing, stealing bucks from as many people as possible, to things that really affect the infrastructure and really affect our power plants, our factories, our systems,” Tanase said.

“I think that attacks like Stuxnet are too complex to become mainstream, I don’t think they will be in everyday use in the future, but targeted attacks will continue.”

Companies do not like to disclose being hit by worms or malware as serious as Stuxnet and so many events will slip under the radar, Tanase added.

As previously reported by IT PRO, Stuxnet has the potential to take over industrial control systems, meaning it could conceivably be used to change cooling levels in power plants or bring a halt to production lines.

Due to the sophistication and money it would have taken to produce Stuxnet it is believed by some that the worm has been created with state backing, and Tanase’s suspicion is that this is true.

There is currently no evidence of any damaging effects on industrial plants as yet, but Tanase believes if an event did happen then the organisations involved would most likely not disclose what happened.

Email to a friend

Print this page