
Stuxnet: Smarter -- and deadlier -- than the average worm

This topic is archived.
Renew Deal Donating Member (1000+ posts) Thu Oct-07-10 08:58 AM
Original message
Stuxnet: Smarter -- and deadlier -- than the average worm
Edited on Thu Oct-07-10 08:59 AM by Renew Deal
Every few years, a malware program comes along that ups the ante in the world of IT security risks. Code Red infected a ton of IIS Web servers in 2001 and led to Microsoft's increased focus on secure software development. In 2003, SQL Slammer infected nearly every unpatched SQL server on the Internet in 10 minutes. The MS-Blaster worm revealed the chewy center of most firewall-protected perimeters. The big worms Sobig, MyDoom, Netsky, and Bagle proved that hackers didn't need unprotected open SMTP relays to send spam. Banking Trojans taught us that nearly any authentication protection can be easily bypassed in order to empty bank accounts.

Now we have Stuxnet, which has deservedly garnered a fair share of media coverage over the past few months. The malware is unlike any threat we've previously seen. If Stuxnet is a sign of things to come, it will be difficult to believe that our biggest malware fears were merely boot viruses, rogue file attachments, and macro viruses.

For starters, Stuxnet is the first worm directly coded to attack power plant and industrial control systems, which fall under the category of SCADA (supervisory control and data acquisition) systems. Although SCADA systems are already widely known and notorious for lacking conventional security controls, Stuxnet looks for specific SCADA systems, such as Siemens; if successful, it infects them, reprograms their PLCs (programmable logic controllers), and hides with the first SCADA-specific rootkit. (Symantec offers an excellent layman's analysis of this particular part of the worm in a whitepaper called "W32_Stuxnet Dossier.")

The theory is that Stuxnet's creators want the ability to remotely control and exploit power plants. Many observers believe Iran was a direct target, given that it ended up with the vast majority of infections. Further buttressing this hypothesis is the appearance of the word "Myrtus" within the worm. Myrtus could be a Biblical reference to a story involving a Persian plot.

Unbeknownst to most people, power plants and other industrial systems have been under direct attack for many years. At least one expert has claimed (http://www.computerworld.com/s/article/9130080/Expert_Hackers_penetrating_industrial_control_systems) that control systems have been compromised at least 125 times, with one such incident contributing to a death in the United States. I haven't seen the source documentation and evidence of this, however. The U.S. NERC agency has publicly stated that no deaths or disruptions in service have yet occurred due to computer compromises -- but the two data sets may not overlap completely.
<snip>

http://www.infoworld.com/d/security-central/stuxnet-smarter-and-deadlier-the-average-worm-809