
20100914

Stuxnet

Stuxnet is a new piece of malware that is spreading widely through the use of USB flash drives. It is starting to be quite a danger, especially in industrial plants, and many in the security business are getting very nervous. What follows is an FAQ about the Stuxnet malware.

How does Stuxnet spread?

Stuxnet spreads through USB devices. A recently discovered Microsoft Windows vulnerability allows a program to run when a user merely browses to a folder that contains a shortcut to it (a ".lnk" file). Once the worm runs, it checks whether the computer is running software created by a company known as Siemens, which is very popular in certain industries. If this is the case, the worm is able to install itself on the victim computer. It then infects any removable media later connected to the computer and installs a rootkit, a very sophisticated type of software that deletes all record of the worm existing on the computer. After that, the worm continues to steal as much data as possible from the computer and transmit it back to a remote location.

What does Stuxnet do?

Stuxnet is considered by many people to be the first-ever "control system" malware. What this means is that it has the capability of infecting control systems for large companies and factories that use software created by Siemens. Unfortunately, this software is very widely used, especially in large industrial manufacturing organizations, small and large utilities, and even defense systems. In one case it was found that this software could infect nuclear-powered aircraft carriers.

How widespread is Stuxnet and where is it most common?

At the moment Stuxnet is not that widespread. It is most common in India, Indonesia, Iran, Pakistan, Afghanistan, the United States, and Malaysia, in that order. However, it has the potential to spread very rapidly. It only affects computers running Siemens software, but computers without that software can still act as "carriers," infecting other removable media that is inserted into them. Other countries have seen infections, but mostly they have been localized and have not caused any damage so far.
 
How dangerous is Stuxnet?

This is always the big question with a large virus outbreak. Right now Stuxnet is not that dangerous. Unfortunately, it is targeted at "Control Systems." Siemens is most known for making software for sophisticated systems used in such areas as the military, large industrial plants, and utility plants. If any of these were to be infected the damage could be irreparable. The infection is clearly tailored to steal confidential information and possibly shut down "smart grids." Therefore, while it is not a danger to consumers, any large corporation or plant must be very careful to avoid this infection.

20100208

Malware! What is it? How can I Fix it?

Malware: you may have heard the term but not know exactly what it is. Malware is exactly what its name suggests, malicious software. Malware creeps into your computer usually without your consent or disguised as something completely harmless. Malware tries to hinder the use of your computer by stopping the use of legitimate programs like antivirus and firewalls. Malware can enter your computer through many means; one of the most popular ways is through file-sharing P2P programs that connect to the Gnutella network (e.g., LimeWire, BearShare, etc.). When you download your favorite song (like no one really does, right?), a small bit of code can be attached to that sound file and ultimately install itself onto your computer.

The type of malware that slows your computer down and hinders your use is only one kind of malware. Another type is scare-ware; this is my favorite type. Scare-ware does just that: it scares you into buying a false program with false warnings. Scare-ware tells you that you have infections on almost every file you try to run. It scares you into thinking you’re at risk. Anti-Virus Pro and Antivirus 2008/2009/2010 are prime examples of scare-ware. As a computer tech, I can tell you that it’s costly to get rid of and downright annoying.

One of my favorite programs to use is Malwarebytes Anti-Malware. This program works wonders and the free version is amazing if you know you’re already infected. Malwarebytes offers quick and full scan capabilities. “Quick scanning” scans all of the processes and files currently loaded into memory and determines if they are infected. “Full scanning” scans all of your files and registry keys to seek out the bad malware. When an infection is found, Malwarebytes gives you the option of deleting or leaving the file (as a tech tip…just delete the file). Personally, I’ve even seen Malwarebytes take out the nasty polymorphic virus VIRUT. I suggest trying the free version and, after falling in love with it, going ahead and buying the full version. Buying the full version unlocks real-time protection, scheduled scanning and scheduled updating.

Another new tool that is out is Microsoft’s Security Essentials. I have played around with it, and I’ve seen it catch a few nasty worms and viruses that other software is not finding.

I once used Ad-Aware, which I know most of you have heard of and use. I find Malwarebytes to be faster and more reliable.

Please leave comments if you have any questions, comments or concerns.

Malwarebytes Anti-Malware can be downloaded at http://www.malwarebytes.org

Microsoft Security Essentials can be downloaded from http://www.microsoft.com/Security_Essentials