Sign up to our newsletter
The latest security news direct to your inbox
This is the 3rd volume of an ongoing Stuxnet resources blog article, supplementing our paper "Stuxnet Under the Microscope". Volume 1 is at /2011/01/03/stuxnet-information-and-resources/, and volume 2 is at /2011/01/20/stuxnet-information-and-resources-2/.
Added 30th March 2011
Nice article by Mark Russinovich on Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1. Though I don't think Stuxnet is universally acknowledged as the most sophisticated malware ever. See, for instance, http://gcn.com/articles/2011/01/18/black-hat-stuxnet-not-superworm.aspx.
Eugene Kaspersky suggests that it's easy for blackhats to repurpose Stuxnet's code to attack other systems, and brings in some tenuously related earlier problems (power failures on the US East Coast in 2003, the Spanish air-crash in 2008). I'm not convinced… http://computerworld.co.nz/news.nsf/news/cut-price-stuxnet-successors-possible-kaspersky
Ralph Langner's TED talk is online: http://on.ted.com/Stuxnet
(ISC)2 Government Advisory Board Executive Writers Bureau, not altogether accurately, on some of the technical points, on How Stuxnet changed the security game.
Added 8th March 2011
Kelly Jackson Higgins in a Dark Reading article tells us that Malware Attacks Decline In SCADA, Industrial Control Systems, quoting a report published by the Security Incidents Organization drawing on its Repository of Industrial Security Incidents (RISI) database.
One aspect that's attracted attention on specialist lists is the mention of a large US power company (unnamed) that experienced infections of 43 operator and programming stations.
Added 5th March 2011
Added 4th March 2011:
Ralph Langner at the TED Conference, as summarized by the BBC: US and Israel were behind Stuxnet claims researcher.
Added 3rd March:
Added 2nd March:
Added 24th February:
7th February update to entry for 6th February 2011: The Reuters article refers to a statement by the Russian ambassador to NATO claiming that Stuxnet could have caused "another Chernobyl": more info at http://www.csoonline.com/article/659165/stuxnet-could-have-caused-new-chernobyl-russian-ambassador-says?source=rss_data_protection. Hat tip to @FSecure.
7th February 2011: Tip of the hat to Gary Mauvais for alerting me to an article by Nima Bagheri, CEO of U0vd: The Art of Deception for Stuxnet in Iran. While the article doesn't read like the "authoritative" view from Iran, it makes some useful, sensible points and doesn't push an overt political agenda, though the conclusion does support what does appear to be the official Iranian line that this was an attack against Iranian nuclear operations, but that it wasn't successful.
6th February 2011: Iran says Stuxnet claims need investigating, while still maintaining that reports of major damage to the Bushehr plant were a malicious campaign by countries hostile to Tehran's nuclear program, and despite previous claims of no direct damage to its nuclear programme. (Reuters)
1st February 2011: an article by William Gibson (yes, that William Gibson) draws a connection between Brain (a 25-year-old PC virus) and Stuxnet. 25 Years of Digital Vandalism. He doesn't seem to think much of Stuxnet, drawing a much-to-the-point riposte from Bob McMillan: http://twitter.com/#!/bobmcmillan/status/30533396702699520.
23rd January 2011: a major addition to the speculative material available on Stuxnet, plus a couple of cynical asides from the Twitterverse. (I can't believe I said "Twitterverse"…)
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
Author David Harley, ESET