
The Stuxnet Worm

Stuxnet is a computer worm that targets industrial control systems used to monitor and run large-scale industrial facilities such as power plants, dams, assembly lines and similar operations.


How Stuxnet Worm Works

Stuxnet looks for industrial control systems and then changes the code in them to allow the attackers to take control of these systems without the operators knowing. In other words, this threat is designed to allow hackers to manipulate real-world equipment, which makes it very dangerous.

It’s like nothing we’ve seen before – both in what it does, and how it came to exist. It is the first computer virus to be able to wreak havoc in the physical world. It is sophisticated, well-funded, and there are not many groups that could pull this kind of threat off. It is also the first cyberattack we’ve seen specifically targeting industrial control systems.

The worm is made up of complex computer code that required many different skills to put together. Symantec security experts estimate it took five to ten people to work on this project for six months. In addition, knowledge of industrial control systems was needed, along with access to such systems to do quality assurance testing, again indicating that this was a highly organized and well-funded project.

"We've definitely never seen anything like this before," said Liam O’Murchu, Researcher, Symantec Security Response. "The fact that it can control the way physical machines work is quite disturbing."

W32.Stuxnet Explained
Download the updated W32.Stuxnet Dossier, November 2010 (PDF)
Read the Symantec Security Response Blog post on the W32.Stuxnet Dossier
Watch the video "Stuxnet: How It Infects PLCs"

Stuxnet in the News

CNN: "Stuxnet: Fact vs. Theory", October 5, 2010

ZDNet: "Stuxnet: A possible attack scenario", October 1, 2010

National Public Radio: "Stuxnet Computer Worm Has Vast Repercussions", October 1, 2010

PCMagazine: "Symantec Puts 'Stuxnet' Malware Under the Knife", October 1, 2010

Washington Post: "U.S. power plants at risk of attack by computer worm like Stuxnet", October 1, 2010

FOX News: "Pssst! Wanna Buy a Dangerous Security Hack?", September 29, 2010

Business Week: "Computer Worm May Be Targeting Iranian Nuclear Sites", September 24, 2010

Reuters: "Cyber attack appears to target Iran -US tech firm", September 24, 2010

CBS Evening News featuring Symantec’s Liam O’Murchu, September 16, 2010

Security Response Blog Entries

Read what Symantec security researchers have written on the Stuxnet worm:

Stuxnet: A Breakthrough, November 12

Stuxnet: Target Still Unknown, November 3

Detecting PLC Infections, October 8

Stuxnet Infection of Step 7 Projects, September 26

Stuxnet Before the .lnk File Vulnerability, September 24

Exploring the Stuxnet PLC Infection Process, September 21

Stux to Be You, September 21

Stuxnet Print Spooler Zero-Day Vulnerability not a Zero-Day at All?, September 17

Stuxnet P2P component, September 17

Stuxnet Using Three Additional Zero-Day Vulnerabilities, September 14

Stuxnet Introduces the First Known Rootkit for Industrial Control Systems, August 6

Sneakernet Revisited, August 5

W32.Stuxnet Variants, July 29

Distilling W32.Stuxnet Components, July 22

W32.Stuxnet Network Information, July 22

Hackers Behind Stuxnet, July 21

W32.Stuxnet - Commonly Asked Questions, July 16
