Stuxnet Worm

Vishnu Shivalal P
Sep 18, 2022

Stuxnet is a powerful, malicious computer worm that was discovered in June 2010. Rumors are that it was developed by US and Israeli agencies to infiltrate Iran’s nuclear facilities. It was specifically written to take over programmable industrial control systems. Stuxnet was the first computer worm/virus to cause physical destruction of infected devices. It exploited Windows zero-day vulnerabilities to infect target systems and spread to other systems.

Working of Stuxnet Worm

Stuxnet is a highly sophisticated and intrusive piece of malware. However, it was carefully created to infect only targets with specific configurations and cause minimum damage to other devices. Stuxnet was transmitted via USB sticks carried by agents inside the facilities.

Stuxnet is complex malware. It contains code for a man-in-the-middle (MITM) attack that fakes sensor signals, so that the targeted system won’t shut down due to the abnormal behavior. The three systemic layers that the Stuxnet Worm targets are:

  • Windows OS
  • Siemens PCS 7, WinCC and STEP7 industrial software applications
  • Siemens S7 programmable logic controller

The Stuxnet Worm infiltrated Windows systems by exploiting various zero-day vulnerabilities, such as Remote Code Execution (RCE). This malware accesses both user and kernel levels. Its device drivers are signed by two public certificates, so it can access kernel drivers without the user’s knowledge and remain undetected for a long time.

After penetrating Windows systems, the Stuxnet Worm infects files belonging to Siemens industrial software applications and disrupts their communications. It also modifies the code on Programmable Logic Controller (PLC) devices.

Stuxnet installs malicious code in PLC monitors. Then it constantly changes the system’s frequency and affects the operation of motors by changing their rotational speed. Stuxnet also contains a rootkit that hides the worm from monitoring systems.
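A defensive cross-check for the faked sensor signals and altered motor frequency described above, as an added example that is not part of the original article: it compares readings reported through the PLC/HMI path with an independent out-of-band measurement and flags exact replays. The function name, the thresholds, the sample readings and the existence of an independent measurement channel are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    index: int   # sample number where the anomaly was seen
    kind: str    # "divergence" or "replay"
    detail: str

def detect_spoofed_telemetry(reported, independent, tolerance_hz=5.0, window=4):
    """Cross-check drive frequency reported via the PLC/HMI path against an
    independent out-of-band measurement taken at the same instants."""
    if len(reported) != len(independent):
        raise ValueError("both series must cover the same sample instants")
    findings = []
    # Check 1: the reported value disagrees with what the motor is really doing.
    for i, (rep, ind) in enumerate(zip(reported, independent)):
        if abs(rep - ind) > tolerance_hz:
            findings.append(Finding(i, "divergence",
                                    f"reported {rep} Hz, measured {ind} Hz"))
    # Check 2: live sensors carry noise, so an exact repeat of `window`
    # consecutive readings suggests recorded data is being played back.
    # Assumes readings have enough resolution that noise is visible.
    seen = {}
    for start in range(len(reported) - window + 1):
        key = tuple(reported[start:start + window])
        first = seen.setdefault(key, start)
        if start - first >= window:
            findings.append(Finding(start, "replay",
                                    f"samples repeat those from index {first}"))
            break
    return findings

# Constructed sample data (Hz): the reported series loops every four samples
# while the independent measurement shows the speed being driven up and down.
REPORTED = [60.1, 59.9, 60.2, 60.0, 60.1, 59.9, 60.2, 60.0, 60.1, 59.9, 60.2, 60.0]
INDEPENDENT = [60.1, 59.9, 60.2, 60.0, 60.3, 61.0, 72.5, 85.0, 84.7, 40.2, 40.5, 60.1]

if __name__ == "__main__":
    for f in detect_spoofed_telemetry(REPORTED, INDEPENDENT):
        print(f"sample {f.index}: {f.kind}: {f.detail}")
```

The replay check only helps if the independent channel does not pass through the same controller or engineering workstation as the reported values.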

Legacy of Stuxnet Worm

The Stuxnet Worm attack expired on June 12, and Siemens issued fixes for its PLC software. But the legacy of Stuxnet lives on in other malware attacks based on the original Stuxnet code. These “Sons of Stuxnet” include:

  • Duqu (2011)
  • Flame (2012)
  • Havex (2013)
  • Industroyer (2016)
  • Triton (2017)

Malware Details

Common Name: Stuxnet

Technical Name (as Stuxnet):

  • Microsoft: Worm:Win32/Stuxnet.[Letter], TrojanDropper:Win32/Stuxnet
  • Kaspersky: Worm.Win32.Stuxnet
  • Symantec: W32.Stuxnet, W32.Stuxnet!lnk

Classification: Computer Worm

Type: Dropper

Targeted OS: Windows

  • Windows 2000
  • Windows XP
  • Windows 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
