Stuxnet May Mean More Than Delayed Iranian Plans


 

Cyber-security is a key factor in today's world. From the overwhelming need to protect entire countries to the simple need to protect commercial secrets and personal information stored on home computers, our lives are managed by the computers that surround us, and in some cases, security at every level relies on the tactics society employs to protect the electronic systems that run everything from international banking to nuclear plants. The ability to protect nuclear facilities, though, came into question with the release of the Stuxnet worm.

Understanding the Threat

Likely active since early June, this worm has received quite a bit of press in the last few months because sixty percent of the affected computers that have already detected the problem are located within Iran, and many of those are tied to the industrial sites throughout the country, including the Bushehr nuclear plant. The goal appears to be to completely shut down this nuclear facility that was scheduled to go online in October, and that has led many security experts to believe it was designed specifically to stop the Iranians from obtaining the nuclear technology so many major world powers are concerned about.

The worm, however, certainly isn't confined to Iran. It has made an appearance in six other countries, including both the United States and Indonesia. Unlike many other worms, this one isn't actually designed to take data or even change it. This one is literally hardwired to take over systems, like those in the Bushehr nuclear plant, and that's, perhaps, what is most frightening about this technology. Given our complete worldwide reliance on electronic security systems at almost every armed facility in the world, the idea that a simple computer worm could own that system is terrifying to any government official. Stuxnet has the ability to give instructions that could cause an industrial system to self-destruct, and the consequences could be devastating.

For home users, the technology behind this may be frightening, but Stuxnet itself doesn't appear to be a threat. It was designed specifically to target the software that was built by Siemens AG, which happens to be what runs Bushehr. Because of the specificity inside the code, it's becoming increasingly clear that Stuxnet wanted Iran's nuclear plant to suffer as a result of this particular technology.

Unfortunately, while no one knows exactly who might be behind this threat, there is credible evidence that suggests there were four previous related attacks created by the same authors. All of them helped to demonstrate a deep understanding of industrial computer systems, and all of them jeopardized Realtek and JMicron's security certificates, a feat almost unheard of by traditional hackers. That, naturally, has given rise to the idea that this is not an ordinary attack, but one backed by much higher powers. Speculation is running wild that Israel is behind this worm, but no evidence has been produced to back that idea.

The Underlying Method of Transmission

One of the most distinctive properties of this worm is the way it propagates itself, and for many security experts that alone is one of its most interesting features. It uses .lnk files, or individually designed shortcuts, to execute the worm as soon as the file itself is opened by the operating system. These files are put on USB drives, and when Windows attempts to browse the drive, the shortcuts are opened automatically and the malware runs without any further step being needed. Because Stuxnet can infect any attached USB drive, this transmission method proves quite accessible and effective, increasing the chances that other malware authors will attempt to use the same method in the future.
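A triage sketch for the shortcut-based transmission described above, added here as an example and not part of the original article: it lists every .lnk file under a mounted drive and reads each one's header directly from its bytes, following the published Shell Link binary format, so nothing is handed to Windows to open. The function names, the constructed `SAMPLE` bytes and the "ID list without LinkInfo" review heuristic are assumptions made for illustration.

```python
import struct
from pathlib import Path
# Constants from the published Shell Link (.lnk) binary format.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
FLAGS = {0x01: "HasLinkTargetIDList", 0x02: "HasLinkInfo", 0x04: "HasName",
         0x08: "HasRelativePath", 0x10: "HasWorkingDir", 0x20: "HasArguments",
         0x40: "HasIconLocation", 0x80: "IsUnicode"}

def bad(reason):
    return {"valid": False, "reason": reason}

def parse_lnk(data: bytes) -> dict:
    """Read the fixed header and walk the target ID list, bounds-checked."""
    if len(data) < HEADER_SIZE:
        return bad("truncated header")
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        return bad("not a shell link")
    names = [name for bit, name in FLAGS.items() if flags & bit]
    items, off = 0, HEADER_SIZE
    if flags & 0x01:
        if off + 2 > len(data):
            return bad("missing ID list")
        end = off + 2 + struct.unpack_from("<H", data, off)[0]
        off += 2
        if end > len(data):
            return bad("ID list overruns file")
        while off + 2 <= end:
            cb = struct.unpack_from("<H", data, off)[0]
            if cb == 0:          # TerminalID ends the list
                break
            if cb < 2 or off + cb > end:
                return bad("malformed ID list item")
            items, off = items + 1, off + cb
    # Assumed heuristic, not from the article: a target given only as an ID
    # list (no LinkInfo file path) is worth a manual look on removable media.
    review = bool(flags & 0x01) and not flags & 0x02
    return {"valid": True, "flags": names, "id_items": items, "review": review}

def triage(root: str) -> list:
    """Return (relative path, parse result) for every .lnk under root."""
    return [(str(p.relative_to(root)), parse_lnk(p.read_bytes()))
            for p in sorted(Path(root).rglob("*"))
            if p.is_file() and p.suffix.lower() == ".lnk"]

# Constructed sample: a valid header with two dummy 6-byte ID items.
SAMPLE = (struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, 0x81) + bytes(52)
          + struct.pack("<H", 14) + 2 * (struct.pack("<H", 6) + b"AAAA") + bytes(2))
```

A file that carries the .lnk extension but fails to parse comes back with `valid` set to `False` and a reason, which on a removable drive is itself worth a second look.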

These .lnk files also help put other parts of the worm on the system. By adding Win32/Stuxnet.A to the system as a backdoor, it can install two different drivers: WinNT/Stuxnet.A, which has the ability to completely hide the .lnk files, and WinNT/Stuxnet.B, which can add .tmp files to support the actual deployment onto the system.

To make matters a bit more unusual, the drivers themselves come with a digital certificate from Realtek, which may mean that somewhere along the line the creators managed to access that company's private key. The certificate has since been revoked, but that doesn't make this problem any less serious.

The actual transmission to the Bushehr facility appears to have come through the Russian contractors involved with the project. After an attack on that contractor's website, the problems with Stuxnet fast became apparent, and a number of different security experts have since concluded that this had to be the primary transmission source for Iran's massive problems with the worm.

Detection and Removal

While companies like Windows have now built the technology to help detect the worm and Siemens built technology to remove the worm from affected systems, the real problem still lies with the potential damage, and that's not necessarily something a simple patch can fix.

Sure, antivirus software and comprehensive security systems will always be the best way to go, but the moral of the story remains that the malware continues to get more sophisticated, and that may make it easier to evade even the most up-to-date systems. Stuxnet is hardly the only worm of this type people will see in the coming years, and it's difficult to predict how much worse it will get in the generations of malware to be released over the next few years.



All content copyright 2006-2017, RemoveAdware.com.au. Author: Wayne Davis.