Stuxnet Trojan Attacks Could Serve as Blueprint for Future Crimeware
Robert Westervelt writes on SearchSecurity:
The Stuxnet Trojan remains a danger to a small minority of firms that run specialized control equipment, but security experts say it could serve as a guide for copycat malware writers, who can reproduce parts of its processes and take better aim at other companies.
"How do you know that the software you are using to support sophisticated manufacturing processes, ranging from uranium centrifuges to automobiles, is not being targeted by some cyberweapon, throwing off your tolerances and measurements?" asked Paul B. Kurtz, managing partner at Arlington, Va.-based GoodHarbor Consulting LLC. "It's something that can be very costly to private industry and ultimately very disruptive to economies."
The worm surfaced in July when it was discovered exploiting a Microsoft Windows file sharing zero-day vulnerability, spreading using the AutoPlay feature for USB sticks and other removable drives. Microsoft issued an emergency update to close the hole, but researchers discovered several other methods used by Stuxnet, including a printer sharing vulnerability, which was patched this month by Microsoft.
Stuxnet was unique in that it contains code that could identify Siemens' Supervisory Control and Data Acquisition (SCADA) software and then inject itself into programmable logic controllers, which automate the most critical parts of an industrial facility's processes -- temperature, pressure and the flow of water, chemicals and gases. Kurtz, who served in senior positions on the White House's National Security and Homeland Security Councils under Presidents Bill Clinton and George W. Bush, is convinced that the Trojan's end game is to wreak havoc or even destroy critical infrastructure facilities by altering their vital processes.