Stuxnet: The most serious threat yet?
The Stuxnet worm has been causing alarm bells to ring in the security industry but what is it and how serious a threat does it pose?


ANALYSIS With so many different forms of threats out there, it is rare that one comes along to stand out from the crowd.
Stuxnet is something unique, however. It has been causing something of a stir in the security community since it was first spotted by a small company from Belarus named VirusBlokAda.
When Microsoft put out an alert over the virus in July, Stuxnet quickly moved from being a relative unknown to something serious.
Then earlier this month, Stuxnet was observed doing something unprecedented: exploiting four zero-day vulnerabilities at once. It is this advanced capability that has caused such a commotion.
So how has it made such a splash in such a small amount of time and what are hackers doing with it?
How does it work?
A trio of big-name companies, including Microsoft itself, Kaspersky and Symantec, has been busy tracking the worm.
When it was first identified, Stuxnet was found using a .lnk file vulnerability to spread through USB drives.
Microsoft explained that with this, Stuxnet takes advantage of specially-crafted shortcut files (the .lnk files) placed on USB drives to automatically execute malware as soon as the .lnk file is read by the operating system.
"In other words, simply browsing to the removable media drive using an application that displays shortcut icons (like Windows Explorer) runs the malware without any additional user interaction," Microsoft explained.
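As an added defender-side example (not from the article, Microsoft or any of the Stuxnet analyses), the script below parses the Shell Link binary format (MS-SHLLINK) so that .lnk files copied off a removable drive can be triaged before anyone browses the drive in Explorer; the `suspicious` heuristics and the `build_lnk` test fixture are my own assumptions, not a description of how the worm's shortcuts were built.

```python
import struct

# Every .lnk file starts with a 76-byte ShellLinkHeader carrying this CLSID (MS-SHLLINK).
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits that decide which optional structures follow the header, in file order.
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 1 << 0, 1 << 1, 1 << 7
STRING_FIELDS = [("name", 1 << 2), ("relative_path", 1 << 3), ("working_dir", 1 << 4),
                 ("arguments", 1 << 5), ("icon_location", 1 << 6)]

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .lnk file (empty string when a field is absent)."""
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    pos = 0x4C
    if flags & HAS_ID_LIST:                  # LinkTargetIDList: 2-byte IDListSize + items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                # LinkInfo: 4-byte LinkInfoSize includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width, enc = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    out = {}
    for key, bit in STRING_FIELDS:           # StringData: CountCharacters then the chars
        out[key] = ""
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            out[key] = data[pos + 2:pos + 2 + width * count].decode(enc)
            pos += 2 + width * count
    return out

def suspicious(fields: dict) -> list:
    """Triage heuristics (my assumptions, not the article's): flag shortcuts whose icon
    or target is resolved from the drive itself or names a loadable module."""
    reasons = []
    for key in ("icon_location", "relative_path"):
        value = fields[key].lower()
        if value.endswith((".dll", ".cpl")):
            reasons.append(f"{key} names a loadable module: {fields[key]}")
        if value.startswith((".\\", "..\\")):
            reasons.append(f"{key} resolves relative to the drive: {fields[key]}")
    return reasons

def build_lnk(**strings) -> bytes:
    """Construct a minimal Unicode .lnk (header + StringData only) for offline testing."""
    flags, body = IS_UNICODE, b""
    for key, bit in STRING_FIELDS:
        if key in strings:
            flags |= bit
            body += struct.pack("<H", len(strings[key])) + strings[key].encode("utf-16-le")
    return struct.pack("<I16sI", 0x4C, LNK_CLSID, flags) + bytes(0x4C - 24) + body
```

Run `suspicious(parse_lnk(open(path, "rb").read()))` over each shortcut copied from the drive; an empty list means none of the heuristics fired, not that the file is safe.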
As for the four other vulnerabilities Stuxnet has been found exploiting, one is the same as a flaw used by the notorious Conficker worm last year.
Another uses a vulnerability in the Windows Print Spooler to spread, taking advantage of this weakness to send malicious code to a remote computer where it is then executed.
"By virtue of the features of this vulnerability, the infection can spread to computers using a printer or through shared access to one. Having infected a computer connected to a network, Stuxnet then attempts to spread to other computers," Kaspersky explained.
The vulnerabilities described above have now been patched, but two remain unpatched, although they are less serious.
These unpatched security holes are used by Stuxnet to let the attacker escalate from limited control over a computer to privileged access, meaning a system could be completely compromised. Microsoft has said it intends to fix these in a future security bulletin.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.