Press Center

ESET Analysis: Worm Win32/Stuxnet Targets Supervisory Systems in the U.S. and Iran

SAN DIEGO – July 19, 2010 – ESET, the leader in proactive threat protection, has issued a warning against a worm dubbed Win32/Stuxnet, which threatens users around the globe. Exploiting a vulnerability in Windows® Shell, this dangerous threat is detected by ESET as LNK/Autostart.A. It is used in targeted attacks to penetrate SCADA systems, especially in the United States and Iran. SCADA are supervisory and monitoring systems used in many industries, for instance in power engineering.

According to ESET Virus Lab, the worm has been active for several days, lately in the U.S. and Iran withalmost 58 percent of all infections being reported in the United States, 30 percent in Iran and slightly over four percent in Russia. The cyber attacks in the U.S. and heightened activity of the worm in Iran come in the wake of persisting tensions between the two nations over nuclear ambitions of this Middle Eastern country.

"This worm is an exemplary case of targeted attack exploiting a zero-day vulnerability, or, in other words, a vulnerability which is unknown to the public. This particular attack targets the industrial supervisory software SCADA. In short – this is an example of malware-aided industrial espionage. The question is why the chart of affected nations looks as it does," said Juraj Malcho, head of the Virus Lab at ESET's global headquarters in Bratislava, Slovakia.

Most of the damage caused by the worm is limited to industrial targets, with home users being much less affected. "So far, the number of infected PCs are in the tens of thousands, but likely to rise," elaborates Malcho. According to ESET analysis, the Stuxnet worm in and of itself poses no greater threat for home users than the average computer threat. The danger lies in the Windows® OS vulnerability connected with processing of LNK files. Experts expect even more malware families to begin to exploit this security gap in the near future.

An interesting angle to this story is how the worm spreads. "For a truly targeted attack it would have been coded to make specific checks to see that it only ran where it was supposed to and did not spread. Spreading increases the odds of detection. If the attack was aimed at only US systems, then the attacker would not want the code appearing all over the world. This fact might indicate a number of potential attackers," said Randy Abrams, director of technical education at ESET in the U.S. "The ability to attack power grids throughout the world would be very appealing to terrorist groups," concludes Abrams.

ESET security solutions effectively detect and clean this threat. A patch from Microsoft is expected to be issued soon as well. Additional information and continuous updates can be found at http://blog.eset.com/2010/07/19/win32stuxnet-signed-binaries.

About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Version 2 Singapore Pte Ltd is the local office of Version 2 Limited.
For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.