Malware.Stuxnet

Malware.Stuxnet Description

Stuxnet is a computer worm that targets computer systems using the Windows operating system. Stuxnet was first detected in June of 2010 and immediately gained the attention of PC security researchers around the world. This is because it appears that Stuxnet is designed to spy on and take over industrial equipment and control systems. Specifically, Stuxnet attacks SCADA process monitoring and control systems, making Stuxnet a significant threat to critical infrastructure such as nuclear power facilities. Stuxnet is also able to reprogram logic controllers and to hide its presence. Stuxnet also includes a rootkit for PLC reprogrammable systems.

The reason why the Stuxnet worm gained widespread media attention is because Stuxnet may have been used to attack certain essential targets in Iran. Malware analysts consider that Stuxnet has the capacity to function as a cybernetic weapon to be used in acts of war, as a way to attack the enemy's infrastructure and computer systems. At the time of the discovery of Stuxnet, it was discovered that almost two thirds of all infected computer systems were found in Iran, giving rise to the theory that its presence was caused by a possible attack on Iran's industrial infrastructure. If this is the case, Stuxnet takes a new, previously unheard-of dimension, since its attacks would necessitate the support of the resources of a sovereign nation.

According to the media and some PC security researchers, it seems that Stuxnet was targeting high-value industrial targets within Iran, including Siemens control systems. Stuxnet attack may have delayed the establishment of the Bushehr nuclear power plant, as well as caused damage to several important Iranian targets. Iranian media sources have claimed that Stuxnet was created to attack their resources, pointing to the American or Israeli secret services as the possible sources for this dangerous computer worm.
 
While most of the victims of Stuxnet are concentrated in Iran, this dangerous computer worm has attacked thousands of industrial computer systems all around the world. Stuxnet attacks by taking advantage of four specific zero-day vulnerabilities in the WinCC/PCS 7 industrial monitoring and control systems used by Siemens. Initial contact with Stuxnet takes place through an infected external memory drive (such as a USB memory stick) after which Stuxnet can spread to attack all computer systems connected to the infected machine's network.

Aliases: Trojan.Win32.Stuxnet and TrojanDropper:Win32/Stuxnet.A.

Technical Information

Registry Details

Malware.Stuxnet creates the following registry entry or registry entries:
RegistryKey
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MRXCLS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxCls]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MRXCLS\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxCls\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MRXCLS\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MRXCLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxCls]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MRXCLS\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxCls\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MRXCLS\0000\Control]

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.