There is a worm making the rounds that has the potential to cause absolute chaos among companies that serve as the critical infrastructure for several nations across the globe. The name of the worm is Stuxnet, and so far it has executed attacks not only in the United States, but also as far away as India and Iran. Keep reading to find out why this worm is particularly frightening in its potential impact.
Although specifics on which exact companies have been attacked by the Stuxnet worm remain secret, it has been leaked that in the United States, companies within the energy industry have been targeted, according to representatives of Symantec Security Response.
The Stuxnet worm can infect Windows machines in several ways. According to Microsoft, Stuxnet can spread via a Word document, a website, a remote network share, or a USB drive. It specifically targets a vulnerability in the code that processes shortcut files with the .lnk suffix. This vulnerability can be found in all versions of Windows.
The worm is believed to have been created to extract design plans and code related to companies within the utilities and industrial manufacturing fields. This sensitive information is usually located in databases that run on the Siemens Simatic WinCC software, which is used to control the major systems primarily within the two aforementioned fields.
Programmable Logic Controllers (PLCs) are also among Stuxnet's targets. These systems are accessed by Windows computers and are responsible for automating several industrial processes. The worm attacks the PLCs and then uploads its own encrypted code.
Although Symantec is not exactly sure what Stuxnet's code does, the company has listed possibilities as to what the worm's creators could use it for. The back door it leaves offers its users a plethora of options. Perhaps the most feared option is the possibility of using it to control actual operations within a plant, such as closing a valve. Other options include accessing the compromised computer to perform actions such as downloading or deleting files, as well as administering processes.
One detailed example was offered by Liam O'Murchu, Symantec Security Response's manager of operations: “For example, at an energy production plant, the attacker would be able to download the plans for how the physical machinery in the plant is operated and analyze them to see how they want to change how the plant operates, and then they could inject their own code into the machinery to change how it works.”
Earlier this month, as a response to the vulnerability in the Windows code, Microsoft issued an emergency patch. The patch itself is not a complete solution, however, as the worm can remain hidden in the code and undetected. For further protection, representatives at Symantec urge affected companies to perform the arduous task of auditing their code to ensure that all of their systems are running properly.
Although it is unknown who is behind the Stuxnet worm, it can be inferred that it is a group or entity with plenty of financial backing, capable of paying for extreme expertise in both programming and industrial systems. When one considers the countries that have been targeted, terrorism definitely is one hypothesis that comes to mind.
For more, visit: http://news.cnet.com/8301-27080_3-20013545-245.html