Stuxnet the Inscrutable

This is an item you may not have seen amid all the speculation about Stuxnet, Iran and Israel. According to Chinese AV company Rising International, as reported by The H, “millions” of systems in China have been affected by Stuxnet. Strangely, I have yet to see much in the way of speculation as to who is “targeting” China, though the Chinese themselves claim that the infection has been spread by US servers. The H suggests that infection on this sort of scale is more likely to derive from the recently patched print spooler vulnerability than from the earlier-patched LNK vulnerability.

The Register’s John Leyden has supplemented the same story with a terse summary of a demonstration by Symantec at the recent Virus Bulletin conference of how to burst a balloon with a Programmable Logic Controller. (To be fair, it was a much better presentation than that makes it sound: still, the video here will give you something of the flavour.)

ESET Senior Research Fellow

Author David Harley, ESET

  • Niels Groeneveld

    "The Chinese themselves claim that the infection has been spread by US servers."
    Rising software indeed made such claims. However, there does not seem to be any research which actually identifies any system based in the United States which is used by the StuxNet malware. Rising Software's own research does not identify such a system either (checked their research using Google Translate)?

    Some background on systems identified and Chinese writeups: Denmark Malaysia Ireland

    Antiy: Report on the Stuxnet Worm Attack

    Rising Antivirus: Stuxnet

    (Page 3 for Domains)
    (Comment on US server)
    Kind regards,
    Niels Groeneveld
