Barracuda: Stuxnet 'underplayed and overplayed'

gallery

The qualities of the notorious Stuxnet virus have been underplayed in terms of its sophistication, yet overplayed in terms of its prevalence.

So says Dr Paul Judge, chief research officer and vice president of cloud services at Barracuda Networks, who noted whilst Stuxnet was “probably the most complex piece of malware” ever seen, it was not particularly widespread.

In terms of its spread, it paled in comparison to threats like Zeus and the Kracken or Mariposa botnets, Judge told IT PRO at a Barracuda conference in Austria.

He also noted a flaw in Stuxnet itself, in that the creators forgot to put in a clean-up mechanism.

“If there was a clean-up mechanism in Stuxnet, we never would have known about it,” Judge said.

“The question then is, how many very targeted attacks [are] out there like this that the community doesn’t get to talk about.”

Regardless of this possible mistake by the worm’s creators, Judge agreed with other members of the security industry this was the work of an organised team and they had created something vastly complex.

“This wasn’t some guy at night doing it at the weekends, these guys went to an office and they had status reports. This was very organised,” he added.

His comments came after Microsoft fixed a vulnerability that could have been exploited by Stuxnet earlier this week in its Patch Tuesday release.

Microsoft had previously said it would be fixing four vulnerabilities targeted by Stuxnet, three of which have now been patched.

In a blog post, the Redmond giant explained it expected to address the final flaw in an upcoming bulletin.

Email to a friend

Print this page