Stuxnet: prepare for worse in 2011

Kaspersky Lab's analysis of the most serious virus threats of 2010 has ranked Stuxnet as the most dangerous.

According to Kaspersky, Stuxnet was the most complex piece of malware in cybercriminals' arsenal to date.

Kaspersky said that an analysis of the worm found that it was designed to change the logic within programmable logic controllers (PLCs) embedded into inverters which are used to control the rotation speed of electric motors. These PLCs operate with very high speed motors that have limited applications, such as those in centrifuges.

"The epidemic also marked the beginning of the era of attacks on industrial targets. The worm is unique in that it uses as many as four zero-day Windows vulnerabilities at the same time in order to infiltrate victim computers, and has a rootkit component signed with certificates stolen from integrated circuit manufacturers, Realtek Semiconductors and JMicron."

The Kaspersky report noted that cybercriminals may have bought these files from insiders or stolen them using a backdoor or some other similar piece of malware.

Legitimate signatures are one of the reasons that Stuxnet successfully escaped detection by antivirus programs for quite a long time. Malware signed by valid certificates can easily circumvent even the modern protection mechanisms built into Windows 7, the report warned. Thus, when a signed malicious driver or an ActiveX component is installed on a system, no warning window appears.

"Judging by what we are seeing today, the problem of stolen certificates may become even more significant in 2011," according to Kaspersky Lab's Yury Namestnikov, author of the report 'IT Threat Evolution for Q3-2010'.

