By Erin Monda, TMCnet Contributor
The Stuxnet worm has been garnering large amounts of media attention these days – and for good reason. The worm drops a malicious shortcut onto removable drives, compromising network security wherever it goes. It is the first of its kind to feature a rootkit function that is able to hide injected code located in a Programmable Logic Controller (PLC).
Despite intense speculation about its creator and intended target, however, it has been difficult to analyze, and many questions still loom. That’s why I recently interviewed Andy Hayter, anti-malcode manager at ICSA Labs, a vendor-neutral testing and certification firm that works with hundreds of the world’s top vendors.
Erin: How did the Stuxnet Worm earn its moniker? It’s not a very nice-sounding name.
Andy: I do not have this answer at this time, but will do research to determine who/how it was named.
Erin: How sophisticated is this Malware – what is the most damage it can do?
Andy: Experts in the area of malware analysis are stating that Stuxnet is the most complicated piece of malware to be seen in at least the last 10 years. The malware involves at least 4 zero-day vulnerabilities and 2 signed code certificates, and it is the first malware to infect PLCs. Various levels of expertise were required to develop Stuxnet. It was not created by some wannabe hacker in his basement. Stuxnet can be used to modify the programming of PLCs that are used in a variety of manufacturing or process industry applications. Anywhere a device needs to be programmatically controlled, the worm can inject malicious code into the process. Examples are opening or closing a valve, turning a pump on or off, etc.
Erin: Who made this Worm? What are some of the leading theories?
Andy: The Stuxnet worm is so sophisticated and involves so many new techniques that it would have required a team of developers with skills in many areas, not the least of which is the specialized knowledge to modify PLC code.
Erin: How can we protect ourselves against it?
Andy: Stuxnet itself is not a major threat unless you are running PLCs in the exact prerequisite scenario. However, the new techniques employed by Stuxnet will likely be copied, and new variations are likely to be discovered.
I thanked Andy for his time and told him I am looking forward to featuring the results of his research into the vile Stuxnet worm.