Stuxnet: The most serious threat yet?

The Stuxnet worm has been causing alarm bells to ring in the security industry but what is it and how serious a threat does it pose?

ANALYSIS With so many different forms of threats out there, it is rare that one comes along to stand out from the crowd.

Stuxnet is something unique, however. It has been causing something of a stir in the security community since it was first spotted by a small company from Belarus named VirusBlokAda.

When Microsoft put out an alert over the virus in July, Stuxnet quickly moved from being a relative unknown to something serious.

Then earlier this month, Stuxnet was observed doing something unprecedented: exploiting four zero-day vulnerabilities at once. It is this advanced capability that has caused such a commotion.

So how has it made such a splash in such a small amount of time and what are hackers doing with it?

How does it work?

A trio of big time companies, including Microsoft itself, Kaspersky and Symantec, has been busy tracking the worm.

When it was first identified, Stuxnet was found using a .lnk file vulnerability to spread through USB drives.

Microsoft explained that with this, Stuxnet takes advantage of specially-crafted shortcut files the .lnk files - placed on USB drives to automatically execute malware as soon as the .lnk file is read by the operating system.

"In other words, simply browsing to the removable media drive using an application that displays shortcut icons (like Windows Explorer) runs the malware without any additional user interaction," Microsoft explained.

As for the four other vulnerabilities Stuxnet has been found exploiting, one is the same as a flaw used by the notorious Conficker worm last year.

Another uses a vulnerability in the Windows Print Spooler to spread, taking advantage of this weakness to send malicious code to a remote computer where it is then executed.

"By virtue of the features of this vulnerability, the infection can spread to computers using a printer or through shared access to one. Having infected a computer connected to a network, Stuxnet then attempts to spread to other computers," Kaspersky explained.

All of these vulnerabilities have now been patched, but two remain, although they are less serious.

These unpatched security holes are used by Stuxnet to let the attacker move from having limited control over a computer, up to privileged access, meaning a system could be completely compromised. Microsoft has said it intends to fix these in a future security bulletin.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

15 Oct 2021
Kaspersky exposes MysterySnail zero-day exploit in Windows
zero-day exploit

Kaspersky exposes MysterySnail zero-day exploit in Windows

13 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
How to virtualise Windows 7 inside Windows 10
Microsoft Windows

How to virtualise Windows 7 inside Windows 10

9 Sep 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021