A Malware Anniversary to Remember
Once in a while, a piece of malware comes along that grabs headlines. Rarer is malware that is talked about around the water cooler (at places other than Symantec). But the rarest of all is malware that actually makes history. It is for just such a piece of malware that we observe the one-year anniversary this month.
Around this time one year ago, a Belarusian computer security company reported finding malicious code designed to exploit a new Microsoft Windows vulnerability, dubbed the .LNK vulnerability. Little did they know this malware would change the world.
The fact that the malware exploited a zero-day vulnerability is significant, but certainly not history making. So, what made this malware so special? After the initial discovery, Symantec began an in-depth analysis of this particular malware. Thousands of man-hours spent analyzing 500 kilobytes of code later, the .LNK vulnerability was shown to be just the tip of the iceberg, and a very dangerous iceberg at that.
Not only did the malware utilize the previously unknown .LNK vulnerability, but it also exploited three additional zero-day vulnerabilities. This was simply unheard of in any previous threats. In addition, the threat included a Windows rootkit, the first ever programmable logic controller rootkit, sophisticated antivirus evasion techniques, complex process injection and hooking code, network infection routines, peer-to-peer updates and a command-and-control interface. Stuxnet stands out as one of the most complex threats observed by any vendor to date.
As impressive as all this is to those in the security field, it still would not likely be enough to change the world. What made Stuxnet particularly earth shattering was that it was designed to take a never-before-seen leap from the digital world into the physical world. Sure, plenty of malware is designed to steal information and pilfer bank accounts, and both certainly have indirect impacts on our real-world lives.
However, Stuxnet went well beyond that. Its purpose was to reprogram industrial control systems—computer programs used to manage industrial environments such as power plants, oil refineries, and gas pipelines. Its final goal was to manipulate the physical equipment attached to specific industrial control systems so that the equipment acted in a manner programmed by the attacker, contrary to its intended purpose. Such an outcome could serve several underlying goals, but sabotage, destruction, and cyber warfare were the most obvious.
Add to all this that Symantec determined the most likely target of this malware to have been nuclear energy facilities in Iran, and one begins to understand the deep political and social ramifications of such malware. Indeed, Stuxnet changed the world.
If you’re interested in learning more about Stuxnet, we encourage you to review Symantec’s Stuxnet-related resources and guides, which can be found here.