News

Cyber weapon Stuxnet hits China

Warwick Ashford

Stuxnet, the computer worm considered to be the world's first cyber weapon, has hit millions of computers in China.

The attacks have infected more than six million individual accounts and nearly 1,000 corporate accounts around the country, the official Xinhua news agency reported.

But the China Information Technology Security Evaluation Centre downplayed the malware threat, saying Stuxnet had not caused any severe damage.

A representative said computer users should be aware of Stuxnet, but there was no need to worry, according to the China Post.

Stuxnet's origin and purpose is not fully understood, but experts have raised concerns that the worm appears to be designed to attack systems running critical infrastructure.

This means that in theory attackers could break into computers that control critical systems like nuclear power stations, water supply systems and electrical power grids.

Security researchers have reported finding Stuxnet on Siemens control systems in India, Indonesia, Pakistan and particularly those in nuclear power stations in Iran.

The malware exploits four now patched zero-day vulnerabilities in software from Microsoft and used two valid security certificates to avoid detection.

Security experts say the Stuxnet worm, which appeared more than a year ago, is one of the most sophisticated pieces of malware seen to date.

Researchers have described Stuxnet as a one-of-a-kind, sophisticated malware backed by a well-funded, highly skilled team, leading to speculation it is backed by a country.

According to Mikko Hypponen, chief research officer of security software specialist F-Secure, Israel is the most likely source of Stuxnet, although Egypt, Saudi Arabia and the US as possible creators.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy