Stuxnet

Stuxnet is a Windows-specific computer worm first discovered in July 2010 by VirusBlokAda, a security firm based in Belarus. It is the first discovered worm that spies on and reprograms industrial systems, the first to include a programmable logic controller (PLC) rootkit, and the first to target critical industrial infrastructure. It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes. Stuxnet includes the capability to reprogram the PLCs and hide its changes.


The worm's probable target is said to have been high-value infrastructure in Iran using Siemens control systems. According to news reports, the infestation by this worm might have damaged Iran's nuclear facilities in Natanz and eventually delayed the start-up of Iran's Bushehr Nuclear Power Plant. Although Siemens has stated that the worm has not caused any damage, on November 29, Iran confirmed that its nuclear program had indeed been damaged by Stuxnet.


Russian digital security company Kaspersky Labs released a statement that described Stuxnet as "a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world." Kevin Hogan, Senior Director of Security Response at Symantec, noted that 60% of the infected computers worldwide were in Iran, suggesting its industrial plants were the target. Kaspersky Labs concluded that the attacks could only have been conducted "with nation-state support", making Iran the first target of real cyberwarfare.


History 

The worm was first reported by the security company VirusBlokAda in mid-June 2010, and roots of it have been traced back to June 2009. It contains a component with a build time stamp from 3 February 2010. 

In the United Kingdom on 25 November 2010, Sky News announced that it had received information that the Stuxnet worm, or a variation of the virus, had been traded on the black market. Sky News stated that the virus had possibly been traded to a criminal gang or terrorist group and that such a virus was a "tier 1" threat to national security.



Removal 

Siemens has released a detection and removal tool for Stuxnet. Siemens recommends contacting customer support if an infection is detected and advises installing the Microsoft patch for vulnerabilities and prohibiting the use of third-party USB flash drives. 

The worm's ability to reprogram external programmable logic controllers (PLCs) may complicate the removal procedure. Symantec's Liam O'Murchu warns that fixing Windows systems may not completely solve the infection; a thorough audit of PLCs is recommended. In addition, it has been speculated that incorrect removal of the worm could cause a significant amount of damage.


SOURCE : WIKIPEDIA 

