madison
Home / News & Blogs

Windows systems at risk from Stuxnet attack

Tom Espiner ZDNet UK | July 19, 2010 9:36 AM PDT

Summary

Microsoft is looking into a family of malware that is using a Windows flaw to infiltrate critical infrastructure and other systems in a number of countries.

Topics

Malware, Microsoft Windows, Attack, Stuxnet, Cyberthreats, Viruses And Worms, Security, Spyware, Adware & Malware

Microsoft is looking into a particularly nasty family of malware, which has been labeled 'Stuxnet' by security researchers, and has been seen in the wild in India, Iran, the US and Indonesia, Microsoft said in a blog post on Friday. One of the attack vectors Stuxnet uses is via USB stick. The malware requires no user interaction to infect the system. The operating system merely rendering an icon launches the malware.

"What is unique about Stuxnet is that it utilizes a new method of propagation," wrote Microsoft researcher Tareq Saade in the blog post. "Specifically, it takes advantage of specially-crafted shortcut files (also known as .lnk files) placed on USB drives to automatically execute malware as soon as the .lnk file is read by the operating system."

The malware, described by security company F-Secure as an "advanced, persistent threat", has infected Siemens WinCC Scada machines. In addition, Russian security company Kaspersky said in a blog post on Saturday that this was the first time its researchers had seen a piece of malware that relies on shortcut files to launch and hide itself.

For more on this story, read Windows systems at risk from Stuxnet shortcut malware on ZDNet UK.

Talkback Most Recent of 57 Talkback(s)

  • Why would you use Windows
    anywhere for critical stuff? May as well just stop locking the doors and give your secrets away.

    Windows has no place anywhere. Period, end of story.
    ZDNet Gravatar
    itguy08
    19th Jul 2010
  • Just go away
    @itguy08

    Go code your emails in Emacs, your math in binary, and and browse the web through a raw telnet session to port 80.

    You are clearly smarter than all of us so you shouldn't hang out here anyway.
    ZDNet Gravatar
    croberts
    19th Jul 2010
  • itguy08 has no place anywhere. Period,
    @itguy08 End of story.
    ZDNet Gravatar
    Lester Young
    19th Jul 2010
  • RE: Windows systems at risk from Stuxnet attack
    @itguy08 agree.
    Windows has the same security model of the Barbie's house.
    If you store money inside your daugther's Barbie house... Don't have high expectations.
    ZDNet Gravatar
    jorge.cordero@...
    19th Jul 2010
  • RE: Windows systems at risk from Stuxnet attack
    @jorge.cordero@...

    That is just a dumb analogy.
    ZDNet Gravatar
    SpankyFrost
    20th Jul 2010
  • RE: Windows systems at risk from Stuxnet attack
    @itguy08 itguy08? Lord your social life must be amazing. Put on your Steve Jobs mask, grab your favorite pocket protector and your iPhone4 and jump off the highest building you can find.
    ZDNet Gravatar
    ZAXDAD66
    19th Jul 2010
  • RE: Windows systems at risk from Stuxnet attack
    @itguy08
    Idiot
    ZDNet Gravatar
    dbreedlo
    20th Jul 2010
  • RE: Windows systems at risk from Stuxnet attack
    @itguy08 Please MS fan boys don't take this personally. I think its only place is as a workstation, of course properly configured to run as non-administrator. Which is not usually the case. MS creates their own problems. As for server environments: Linux,Unix,BSD. I've even seen windows run on top of vxworks for stability issues.
    Windows warning: Mouse movement detected, Please restart your computer.

    ZDNet Gravatar
    techzine
    22nd Nov 2010
  • RE: Windows systems at risk from Stuxnet attack
    So, if I understand correctly, one of the following scenarios must take place in order for the malware to be executed:

    1) The attacker must deliver the USB stick into my hands and convince me to plug it into my computer, or;
    2) The attacker must have physical access to unsecured computer to plug the USB stick into directly.

    While this issue should be corrected, it would seem to me that if the attack is successfully executed, your choice of OS is probably not the most serious security flaw in your system.
    ZDNet Gravatar
    CrazySaint
    19th Jul 2010
  • No, not the attacker
    @CrazySaint

    It's the unsuspecting victim the one who plugs the USB stick into the computer (isn't that what USB sticks are for, to be plugged into computers?)
    ZDNet Gravatar
    OS Reload
    19th Jul 2010
  • RE: Windows systems at risk from Stuxnet attack
    @OS Reload

    I agree that this is an issue that needs addressed; however, even the most secure of operating systems can not fully protect against attack vectors that involve first compromising the user before compromising the computer. If I can convince you to insert my USB stick, I can probably also convince you to execute the file that's on it.
    ZDNet Gravatar
    CrazySaint
    19th Jul 2010
  • RE: Windows systems at risk from Stuxnet attack
    @OS Reload What are you blathering about? How would anyone get this malware on my USB stick? Do it while I'm on bathroom break? Puh-leese. This reeks of industrial espionage.
    ZDNet Gravatar
    MSFTWorshipper
    22nd Jul 2010
  • RE: Windows systems at risk from Stuxnet attack
    @CrazySaint
    Putting a USB drive into your computer should not present a risk. You should have to actually try to open or execute a file on the drive before you are at any risk. That means that this is an issue that needs to be addressed.

    Of course, with the versions of Windows I am familiar with, the file extension determines if a file is executable, and the default behavior is to hide the file extension. This combination is risky as well. An attacker could give an executable file an icon that looks like a folder and lure a user who is naive or inexperienced enough to still be hiding file extensions into running a program.
    ZDNet Gravatar
    CFWhitman
    26th Jul 2010
  • RE: Windows systems at risk from Stuxnet attack
    @CrazySaint

    You forgot two of the key principles of virus propagation.
    1) No user will voluntarily infect his computer with a virus, UNLESS he's unaware that the source file (or file system) is infected.

    2) If the user A trusts user B, but neither user A nor B know that B's floppy disk, CD-ROM or USB stick is capable of doing harm, then there's no reason why user A will distrust user's B media, unless it looks suspicious or user C (another user) alerts both of them of the risk.
    ZDNet Gravatar
    cosuna
    19th Jul 2010
  • NO the issue is all of the let me help you software that the manufacturers
    @CrazySaint
    are putting on these drives .. all of the self-loading drivers / autorun files .... this was the virus/bug writers front door to our systems ... and any OS will be suspectible to this kind of attack ... not just Windows ... and before the Apple boys no it can't happen to us .. yes it could ... if you use USB drives ... bc guess what they make drives for the Macs too with similar software on it ... :-)))
    So you set your USB to not autorun .. or autoload USB drives you do it manually ... no software involved just OS it self ...
    ZDNet Gravatar
    demartin@...
    19th Jul 2010
View More Comments

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity