Stuxnet looks for industrial control systems and then changes the code in them to allow the attackers to take control of these systems without the operators knowing. In other words, this threat is designed to allow hackers to manipulate real-world equipment, which makes it very dangerous.
It’s like nothing we’ve seen before – both in what it does, and how it came to exist. It is the first computer virus to be able to wreak havoc in the physical world. It is sophisticated, well-funded, and there are not many groups that could pull this kind of threat off. It is also the first cyberattack we’ve seen specifically targeting industrial control systems.
The worm is made up of complex computer code that required many different skills to put together. Symantec security experts estimate it took five to ten people to work on this project for six months. In addition, knowledge of industrial control systems was needed, along with access to such systems to do quality assurance testing, again indicating that this was a highly organized and well-funded project.
"We've definitely never seen anything like this before," said Liam O’Murchu, Researcher, Symantec Security Response. "The fact that it can control the way physical machines work is quite disturbing."
Download the updated W32.Stuxnet Dossier, November 2010 (PDF)
Read the Symantec Security Response Blog post on the W32.Stuxnet Dossier
Watch the video "Stuxnet: How It Infects PLCs"
CNN: "Stuxnet: Fact vs. Theory", October 5, 2010
ZDNet: "Stuxnet: A possible attack scenario", October 1, 2010
National Public Radio: "Stuxnet Computer Worm Has Vast Repercussions", October 1, 2010
PCMagazine: "Symantec Puts 'Stuxnet' Malware Under the Knife", October 1, 2010
FOX News: "Pssst! Wanna Buy a Dangerous Security Hack?", September 29, 2010
Business Week: "Computer Worm May Be Targeting Iranian Nuclear Sites", September 24, 2010
Reuters: "Cyber attack appears to target Iran -US tech firm", September 24, 2010
CBS Evening News featuring Symantec’s Liam O’Murchu, September 16, 2010
Read what Symantec security researchers have written on the Stuxnet worm:
Stuxnet: A Breakthrough, November 12
Stuxnet: Target Still Unknown, November 3
Detecting PLC Infections, October 8
Stuxnet Infection of Step 7 Projects, September 26
Stuxnet Before the .lnk File Vulnerability, September 24
Exploring the Stuxnet PLC Infection Process, September 21
Stux to Be You, September 21
Stuxnet P2P component, September 17
Stuxnet Using Three Additional Zero-Day Vulnerabilities, September 14
Sneakernet Revisited, August 5
W32.Stuxnet Variants, July 29
Distilling W32.Stuxnet Components, July 22
W32.Stuxnet Network Information, July 22
Hackers Behind Stuxnet, July 21