Windows systems at risk from Stuxnet attack

Windows systems at risk from Stuxnet attack

Summary: Microsoft is looking into a family of malware that is using a Windows flaw to infiltrate critical infrastructure and other systems in a number of countries.

SHARE:
57

Microsoft is looking into a particularly nasty family of malware, which has been labeled 'Stuxnet' by security researchers, and has been seen in the wild in India, Iran, the US and Indonesia, Microsoft said in a blog post on Friday. One of the attack vectors Stuxnet uses is via USB stick. The malware requires no user interaction to infect the system. The operating system merely rendering an icon launches the malware.

"What is unique about Stuxnet is that it utilizes a new method of propagation," wrote Microsoft researcher Tareq Saade in the blog post. "Specifically, it takes advantage of specially-crafted shortcut files (also known as .lnk files) placed on USB drives to automatically execute malware as soon as the .lnk file is read by the operating system."

The malware, described by security company F-Secure as an "advanced, persistent threat", has infected Siemens WinCC Scada machines. In addition, Russian security company Kaspersky said in a blog post on Saturday that this was the first time its researchers had seen a piece of malware that relies on shortcut files to launch and hide itself.

For more on this story, read Windows systems at risk from Stuxnet shortcut malware on ZDNet UK.

Topics: Windows, Malware, Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

57 comments
Log in or register to join the discussion
  • Why would you use Windows

    anywhere for critical stuff? May as well just stop locking the doors and give your secrets away.

    Windows has no place anywhere. Period, end of story.
    itguy08
    • Just go away

      @itguy08

      Go code your emails in Emacs, your math in binary, and and browse the web through a raw telnet session to port 80.

      You are clearly smarter than all of us so you shouldn't hang out here anyway.
      croberts
    • itguy08 has no place anywhere. Period,

      @itguy08 End of story.
      Lester Young
    • RE: Windows systems at risk from Stuxnet attack

      @itguy08 agree.
      Windows has the same security model of the Barbie's house.
      If you store money inside your daugther's Barbie house... Don't have high expectations.
      jorge.cordero@...
      • RE: Windows systems at risk from Stuxnet attack

        @jorge.cordero@...

        That is just a dumb analogy.
        SpankyFrost
    • RE: Windows systems at risk from Stuxnet attack

      @itguy08 itguy08? Lord your social life must be amazing. Put on your Steve Jobs mask, grab your favorite pocket protector and your iPhone4 and jump off the highest building you can find.
      ZAXDAD66
    • RE: Windows systems at risk from Stuxnet attack

      @itguy08
      Idiot
      dbreedlo
    • RE: Windows systems at risk from Stuxnet attack

      @itguy08 Please MS fan boys don't take this personally. I think its only place is as a workstation, of course properly configured to run as non-administrator. Which is not usually the case. MS creates their own problems. As for server environments: Linux,Unix,BSD. I've even seen windows run on top of vxworks for stability issues.<br>Windows warning: Mouse movement detected, Please restart your computer.<br><br>
      techzine
  • RE: Windows systems at risk from Stuxnet attack

    So, if I understand correctly, one of the following scenarios must take place in order for the malware to be executed:

    1) The attacker must deliver the USB stick into my hands and convince me to plug it into my computer, or;
    2) The attacker must have physical access to unsecured computer to plug the USB stick into directly.

    While this issue should be corrected, it would seem to me that if the attack is successfully executed, your choice of OS is probably not the most serious security flaw in your system.
    CrazySaint
    • No, not the attacker

      @CrazySaint

      It's the unsuspecting victim the one who plugs the USB stick into the computer (isn't that what USB sticks are for, to be plugged into computers?)
      OS Reload
      • RE: Windows systems at risk from Stuxnet attack

        @OS Reload

        I agree that this is an issue that needs addressed; however, even the most secure of operating systems can not fully protect against attack vectors that involve first compromising the user before compromising the computer. If I can convince you to insert my USB stick, I can probably also convince you to execute the file that's on it.
        CrazySaint
      • RE: Windows systems at risk from Stuxnet attack

        @OS Reload What are you blathering about? How would anyone get this malware on my USB stick? Do it while I'm on bathroom break? Puh-leese. This reeks of industrial espionage.
        MSFTWorshipper
      • RE: Windows systems at risk from Stuxnet attack

        @CrazySaint
        Putting a USB drive into your computer should not present a risk. You should have to actually try to open or execute a file on the drive before you are at any risk. That means that this is an issue that needs to be addressed.

        Of course, with the versions of Windows I am familiar with, the file extension determines if a file is executable, and the default behavior is to hide the file extension. This combination is risky as well. An attacker could give an executable file an icon that looks like a folder and lure a user who is naive or inexperienced enough to still be hiding file extensions into running a program.
        CFWhitman
    • RE: Windows systems at risk from Stuxnet attack

      @CrazySaint

      You forgot two of the key principles of virus propagation.
      1) No user will voluntarily infect his computer with a virus, <i>UNLESS</i> he's unaware that the source file (or file system) is infected.

      2) If the user A trusts user B, but neither user A nor B know that B's floppy disk, CD-ROM or USB stick is capable of doing harm, then there's no reason why user A will distrust user's B media, unless it looks suspicious or user C (another user) alerts both of them of the risk.
      cosuna
    • NO the issue is all of the let me help you software that the manufacturers

      @CrazySaint
      are putting on these drives .. all of the self-loading drivers / autorun files .... this was the virus/bug writers front door to our systems ... and any OS will be suspectible to this kind of attack ... not just Windows ... and before the Apple boys no it can't happen to us .. yes it could ... if you use USB drives ... bc guess what they make drives for the Macs too with similar software on it ... :-)))
      So you set your USB to not autorun .. or autoload USB drives you do it manually ... no software involved just OS it self ...
      demartin@...
      • RE: Windows systems at risk from Stuxnet attack

        @demartin@... no mac or linux can be infected this way.
        It does not rely on the "autorun" facility. Both systems alerts you of the existence of a autorun program if any, and you must choose to execute it.
        Only reading the content of the USB stick is enough to infect the computer with this particular malware.
        jorge.cordero@...
    • RE: Windows systems at risk from Stuxnet attack

      @CrazySaint I couldn't believe you are so naive. No, it's a spy tool. Random work A at Corporate Entity B sticks USB Drive C into Computer D and installs Malware E beginning the process of sending Trade Secret F through Back Door G.
      prof.ebral
      • RE: Windows systems at risk from Stuxnet attack

        @prof.ebral

        I'm not the one who is naive. It is Corporate Entity B who allows uneducated worker B access to Computer D containing Trade Secret F. My point is that without a break-down in user security this breakdown in computer security would not happen. If the security hole in the shortcut didn't exist, it could just as easily be an auto-run USB or CD-ROM. If auto-run were disabled, the hapless user would just execute the code manually. This hack merely saves time.
        CrazySaint
    • RE: Windows systems at risk from Stuxnet attack

      @CrazySaint user models have nothing to do with it.
      The attack _starts_ on the Internet, infecting files in a classical way either with a vulnerability or from a user who has no malware protection, and the virus then proceeds to write the payload to whatever removable devices it comes across. Viola! You've got yourself one a spicy office virus problem. The payload then proceeds to attack patched machines and then no in winworld is safe.
      jkltechinc
    • #3) It must be a Windows computer.

      @CrazySaint ... if you get the Symmantec Whitepaper Update .PDF file it explains in detail how Stuxnet will exit if it finds a 64-bit system or it is not Windows. Really, Stuxnet has to have a Windows system or it will exit.
      Joe.Smetona