Symantec to Congress: 'Stuxnet beyond any previous threat'

The Stuxnet worm is a 'wake-up call' because of its complexity and its aim at critical infrastructure systems, a Symantec director has told a US congressional committee.

The malware is a milestone in many ways, according to Dean Turner, director of Symantec Security Response's Global Intelligence Network, speaking on Wednesday in testimony before the US Senate Committee on Homeland Security and Governmental Affairs. It is the first known threat to: spy on and reprogram industrial control systems and grant hackers control of critical infrastructures; use four zero-day vulnerabilities; compromise two digital certificates; inject code into industrial control systems and hide the code from operators; and include a programmable logic controller (PLC) rootkit to reprogram PLCs and hide the changes, he said.

"Stuxnet is an incredibly large and complex threat," he said. "In fact, it is one of the most complex threats that we have analyzed to date at Symantec.

"Stuxnet demonstrates the vulnerability of critical national infrastructure industrial control systems to attack through widely used computer programs and technology. Stuxnet is a wake-up call to critical infrastructure systems around the world," he said. "Stuxnet has highlighted that direct attacks to control critical infrastructure are possible and not necessarily spy-novel fictions. The real-world implications of Stuxnet are beyond any threat we have seen in the past."

For more on this story, read Symantec to Congress: Stuxnet is 'wake-up call' on CNET News.