StuxNet: prepare for worse in 2011

Kaspersky Lab's analysis of the most serious virus threats of 2010 has ranked Stuxnet as the most dangerous.

According to Kaspersky, Stuxnet was the most complex piece of malware in cybercriminals' arsenal to date.

Kaspersky said that an analysis of the worm found that it was designed to change the logic within programmable logic controllers (PLCs) embedded into inverters which are used to control the rotation speed of electric motors. These PLCs operate with very high speed motors that have limited applications, such as those in centrifuges.

"The epidemic also marked the beginning of the era of attacks on industrial targets. The worm is unique in that it uses as many as four zero-day Windows vulnerabilities at the same time in order to infiltrate victim computers, and has a rootkit component signed with certificates stolen from integrated circuit manufacturers, Realtek Semiconductors and JMicron."

The Kaspersky report noted that cybercriminals may have bought these files from insiders or stolen them using a backdoor or some other similar piece of malware.

Legitimate signatures are one of the reasons that Stuxnet successfully escaped detection by antivirus programs for quite a long time. Malware signed by valid certificates can easily circumvent even the modern protection mechanisms built into Windows 7, the report warned. Thus, when a signed malicious driver or an ActiveX component is installed on a system, no warning window appears.

"Judging by what we are seeing today, the problem of stolen certificates may become even more significant in 2011," according to Kaspersky Lab's Yury Namestnikov, author of the report 'IT Threat Evolution for Q3-2010'.


