There’s a new worm in town, and it’s called “Stuxnet”. Unlike previous worms, which required the user to run a program, have “autorun” enabled, load a document into a spreadsheet or word processor, or at least look at the file in some manner, this worm is triggered by simply viewing the folder. The vulnerability even affects Windows 7, and as of today there is no fix yet from Microsoft.

For example, placing an infected USB stick into the computer on Windows 7 will, by default, ask you what you want to do.  Being a smart person, you know to avoid the “autorun” option, and instead opt for “open folder” choice, to see what sort of files are on it. That act alone will trigger the worm. Same thing with “My computer” and then double-clicking the USB stick, or navigating to any folder with the infection in it.

According to an article from Microsoft:

What is unique about Stuxnet is that it utilizes a new method of propagation. Specifically, it takes advantage of specially-crafted shortcut files (also known as .lnk files) placed on USB drives to automatically execute malware as soon as the .lnk file is read by the operating system. In other words, simply browsing to the removable media drive using an application that displays shortcut icons (like Windows Explorer) runs the malware without any additional user interaction.

The scary part is that it targets industrial control systems. According to a recent article in Security Technology News:

Stuxnet is a virus that has been designed to specifically attack software programs running Supervisory Control and Data Acquisition (SCADA) systems, which monitor automated industrial control systems such as chemical factories, power generators and food processing plants.

The threat carried by Stuxnet worm is that once it infects a computer, it begins to communicate with a remote server that will be able to take control of the computer.

Finally, here’s a link to an article on the ESET blog with further details, and you can get a list of numerous ESET articles on Stuxnet by clicking here.

2 Comments

  1. Iran was main target of SCADA spyware worm | laptop computers blog says:

    […] The Stuxnet worm « RunOnFriday.com Blog […]

  2. 網路攝影機 says:

    Good piece of details that you’ve obtained on this web site submit. Hope I might get some a lot more of the stuff in your website. I will occur again.

Leave a Reply

You must be logged in to post a comment.