Friday, November 19, 2010

Stuxnet Worm - still in the news

I have posted three times about the Microsoft Windows "Shortcut (LNK)" vulnerability since July. A lot has transpired since then; it's been found to be one of six security issues in Windows that are leveraged by the Stuxnet worm (some of which were previously unknown in the security community).

Stuxnet is in the press right now as being one of the most serious security threats ever unleashed, and is said to be a sort of "new animal" in cyber-warfare. I'll provide some links for further reading below, but the apparent intent and sophisticated behavior of Stuxnet is so, well, awesome (in a bad way) that I do want to summarize what's been learned:
  • Its targeted behavior is very specific - although it propagates via Windows (using USB memory sticks and/or network connections), its ultimate target is a particular brand of industrial controller computer made by Siemens, that are network-connected to those Windows systems
  • Not only is it Seimens "SCADA"-system specific, but its end target are "variable-frequency drives" made by two specific companies, that regulate the speed and operation of electric motors
  • Only motors that are programmed to run within a specific speed band are targeted
  • The speed band corresponds to speeds used by uranium refinement centrifuges
  • The end result is that Stuxnet causes those motors to periodically overspeed and underspeed

It's still not known who wrote Stuxnet, but there is universal agreement that its sophistication and complexity are unprecedented, and unfortunately is probably the first shot fired in a new level of cyber-warfare.

As promised, here are some links if you want to dig deeper:

I promise we have not heard the end of this "worm".

"Shall we play a game?"

No comments:

Post a Comment