Stuxnet industrial worm was written over a year ago
IDG News Service - A sophisticated worm designed to steal industrial secrets has been around for much longer than previously thought, according to security experts investigating the malicious software.
Called Stuxnet, the worm was unknown until mid-July, when it was identified by investigators with VirusBlockAda, a security vendor based in Minsk, Belarus. The worm is notable not only for its technical sophistication, but also for the fact that it targets the industrial control system computers designed to run factories and power plants.
Now researchers at Symantec say that they've identified an early version of the worm that was created in June 2009, and that the malicious software was then made much more sophisticated in the early part of 2010.
This earlier version of Stuxnet acts in the same way as its current incarnation -- it tries to connect with Siemens SCADA (supervisory control and data acquisition) management systems and steal data -- but it does not use some of the newer worm's more remarkable techniques to evade antivirus detection and install itself on Windows systems. Those features were probably added a few months before the latest worm was first detected, said Roel Schouwenberg, a researcher with antivirus vendor Kaspersky Lab. "This is without any doubt the most sophisticated targeted attack we have seen so far," he said.
After Stuxnet was created, its authors added new software that allowed it to spread among USB devices with virtually no intervention by the victim. And they also somehow managed to get their hands on encryption keys belonging to chip companies Realtek and JMicron and digitally sign the malware, so that antivirus scanners would have a harder time detecting it.
Realtek and JMicron both have offices in the Hsinchu Science Park in Hsinchu, Taiwan, and Schouwenberg believes that someone may have stolen the keys by physically accessing computers at the two companies.
Security experts say these targeted attacks have been ongoing for years now, but they only recently started gaining mainstream attention, after Google disclosed that it had been targeted by an attack known as Aurora.
Both Aurora and Stuxnet leverage unpatched "zero-day" flaws in Microsoft products. But Stuxnet is more technically remarkable than the Google attack, Schouwenberg said. "Aurora had a zero-day, but it was a zero-day against IE6," he said. "Here you have a vulnerability which is effective against every version of Windows since Windows 2000."
On Monday, Microsoft rushed out an early patch for the Windows vulnerability that Stuxnet uses to spread from system to system. Microsoft released the update just as the Stuxnet attack code started to be used in more virulent attacks.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- BlackBeard Case Study In this case study, learn how a business with 95% of revenues generated online was hit by DDoS attacks over a 6-month period,...
- Four Ways DNS Can Accelerate Business Growth This e-book describes how DNS has developed over the years to support business growth as new needs have emerged, for example, advanced traffic...
- Accelerating Network Convergence in Virtualized and Cloud Data Centers Adopting a converged networking strategy enables organizations to traffic server and storage I/O workloads on consolidated data throughput channels. Intelligent software helps optimize...
- Omnichannel: From Buzzword to Strategy Customers demand a seamless experience across channels, especially mobile. Read this whitepaper for a research-based framework for using omnichannel for higher customer engagement.
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Network Security White Papers | Webcasts