Barracuda: Stuxnet 'underplayed and overplayed'
The Stuxnet worm is highly complex, but it is not widespread and is missing a clean-up mechanism, Barracuda's CRO says.
The qualities of the notorious Stuxnet virus have been underplayed in terms of its sophistication, yet overplayed in terms of its prevalence.
So says Dr Paul Judge, chief research officer and vice president of cloud services at Barracuda Networks, who noted whilst Stuxnet was "probably the most complex piece of malware" ever seen, it was not particularly widespread.
In terms of its spread, it paled in comparison to threats like Zeus and the Kracken or Mariposa botnets, Judge told IT PRO at a Barracuda conference in Austria.
He also noted a flaw in Stuxnet itself, in that the creators forgot to put in a clean-up mechanism.
"If there was a clean-up mechanism in Stuxnet, we never would have known about it," Judge said.
"The question then is, how many very targeted attacks [are] out there like this that the community doesn't get to talk about."
Regardless of this possible mistake by the worm's creators, Judge agreed with other members of the security industry this was the work of an organised team and they had created something vastly complex.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"This wasn't some guy at night doing it at the weekends, these guys went to an office and they had status reports. This was very organised," he added.
His comments came after Microsoft fixed a vulnerability that could have been exploited by Stuxnet earlier this week in its Patch Tuesday release.
Microsoft had previously said it would be fixing four vulnerabilities targeted by Stuxnet, three of which have now been patched.
In a blog post, the Redmond giant explained it expected to address the final flaw in an upcoming bulletin.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.