Stuxnet the Inscrutable

This is an item you may not have seen amid all the speculation about Stuxnet, Iran and Israel. According to Chinese AV company Rising International, as reported by The H, “millions” of systems in China have been affected by Stuxnet. Strangely, I have yet to see much in the way of speculation as to who is “targeting” China, though the Chinese themselves claim that the infection has been spread by US servers. The H suggests that infection on this sort of scale is more likely to derive from the recently-patched printspooler vulnerability rather than the earlier-patched LNK vulnerability.

The Register’s John Leyden has supplemented the same story with a terse summary of a demonstration by Symantec at the recent Virus Bulletin conference of how to burst a balloon with a Programmable Logic Controller. (To be fair, it was a much better presentation than that makes it sound: still, the video here will give you something of the flavour.)

David Harley CITP FBCS CISSP
ESET Senior Research Fellow

Author David Harley, ESET

  • Niels Groeneveld

    David,
    "The Chinese themselves claim that the infection has been spread by US servers."
    Rising software indeed made such claims. However, there does not seem any research which actually identifies any system based in the United States which is used by the StuxNet malware. Rising Software's own research does not identify such a system either (checked their research using Google Translate) ?

    Some background on systems identified and Chinese writeups :

    mypremierfutbol.com
    todaysfutbol.com

    78.111.169.146 Denmark
    211.24.237.226 Malaysia
    193.95.161.220 Ireland

    Antiy: Report on the Stuxnet Worm Attack

    Rising Antivirus: Stuxnet

    (Page 3 for Domains)
    (Comment on US server)
    Kind regards,
    Niels Groeneveld

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.