This is an item you may not have seen amid all the speculation about Stuxnet, Iran and Israel. According to Chinese AV company Rising International, as reported by The H, “millions” of systems in China have been affected by Stuxnet. Strangely, I have yet to see much in the way of speculation as to who is “targeting” China, though the Chinese themselves claim that the infection has been spread by US servers. The H suggests that infection on this sort of scale is more likely to derive from the recently-patched printspooler vulnerability rather than the earlier-patched LNK vulnerability.
The Register’s John Leyden has supplemented the same story with a terse summary of a demonstration by Symantec at the recent Virus Bulletin conference of how to burst a balloon with a Programmable Logic Controller. (To be fair, it was a much better presentation than that makes it sound: still, the video here will give you something of the flavour.)
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
Author David Harley, ESET