Archive for October, 2010

Symantec Releases a Comprehensive Report about Stuxnet

October 5, 2010

Symantec has released one of the most comprehensive “publicly available” reports about Stuxnet. The paper was first released at the recently concluded Virus Bulletin 2010 conference.

Stuxnet Infection Stats - Symantec corporation 2010


Quoting Symantec’s blog: “We’re pleased to announce that we’ve compiled the results of many weeks of fast-paced analysis of Stuxnet into a white paper entitled the W32.Stuxnet Dossier. On top of finding elements we described in the ongoing Stuxnet summer blog series, you will find all technical details about the threat’s components and data structures, as well as high-level information, including:

Attack scenario and timeline
Infection statistics
Malware architecture
Description of all the exported routines
Injection techniques and anti-AV
The RPC component
Propagation methods
Command and control feature
The PLC infector”

The full report can be downloaded HERE

My Comments:

According to the report from Symantec, the number of infected hosts has reached nearly 100,000, which is about right.
It’s very alarming that such a high number of infections could, and did, take place in what are “supposedly” some of the world’s most mature and security-oriented organizations, given the critical nature of their business. Apparently this “false security” is not limited to Iran but extends to 155 countries!

If we take away just one lesson from Stuxnet, it is that direct, specially crafted attacks against critical infrastructure are real.

The damage that those few lines of code can inflict in the real world is like nothing we have seen in the history of computers. A typical worm can steal your credit card information or your personal email password. But worms like Stuxnet can put critical infrastructure, such as a nuclear facility, under a threat that could deprive wide areas of land of any form of life for hundreds of years.

This worm should challenge our misconception that malicious programs can at worst cause serious financial loss or leakage of personal information, but never cost a human life.