Threat Database Worms Malware.Stuxnet


Stuxnet is a computer worm that targets computer systems using the Windows operating system. Stuxnet was first detected in June of 2010 and immediately gained the attention of PC security researchers around the world. This is because it appears that Stuxnet is designed to spy on and take over industrial equipment and control systems. Specifically, Stuxnet attacks SCADA process monitoring and control systems, making Stuxnet a significant threat to critical infrastructure such as nuclear power facilities. Stuxnet is also able to reprogram logic controllers and to hide its presence. Stuxnet also includes a rootkit for PLC reprogrammable systems.

The reason why the Stuxnet worm gained widespread media attention is because Stuxnet may have been used to attack certain essential targets in Iran. Malware analysts consider that Stuxnet has the capacity to function as a cybernetic weapon to be used in acts of war, as a way to attack the enemy's infrastructure and computer systems. At the time of the discovery of Stuxnet, it was discovered that almost two thirds of all infected computer systems were found in Iran, giving rise to the theory that its presence was caused by a possible attack on Iran's industrial infrastructure. If this is the case, Stuxnet takes a new, previously unheard-of dimension, since its attacks would necessitate the support of the resources of a sovereign nation.

According to the media and some PC security researchers, it seems that Stuxnet was targeting high-value industrial targets within Iran, including Siemens control systems. Stuxnet attack may have delayed the establishment of the Bushehr nuclear power plant, as well as caused damage to several important Iranian targets. Iranian media sources have claimed that Stuxnet was created to attack their resources, pointing to the American or Israeli secret services as the possible sources for this dangerous computer worm.
While most of the victims of Stuxnet are concentrated in Iran, this dangerous computer worm has attacked thousands of industrial computer systems all around the world. Stuxnet attacks by taking advantage of four specific zero-day vulnerabilities in the WinCC/PCS 7 industrial monitoring and control systems used by Siemens. Initial contact with Stuxnet takes place through an infected external memory drive (such as a USB memory stick) after which Stuxnet can spread to attack all computer systems connected to the infected machine's network.


2 security vendors flagged this file as malicious.

Anti-Virus Software Detection
- Trojan.Win32.Stuxnet
- TrojanDropper:Win32/Stuxnet.A

File System Details

Malware.Stuxnet may create the following file(s):
# File Name Detections
1. %System%\drivers\mrxcls.sys
2. %Windir%\inf\oem6C.PNF
3. %Windir%\inf\mdmeric3.PNF
4. %Windir%\inf\mdmcpq3.PNF
5. %Windir%\inf\oem7A.PNF

Registry Details

Malware.Stuxnet may create the following registry entry or registry entries:


Most Viewed