Here is a detailed and awe-inspiring article by Wired News on the inner workings of Stuxnet, possibly the greatest and most complex computer virus ever written. I will try to capture some of its essence in this post.
Stuxnet was written to spread through USB devices, and its main target was Siemens Step7 controllers running Microsoft's OS. These Siemens controllers are mainly used to control mechanical devices such as motors, levers and valves, and they were in heavy use at Iran's uranium enrichment facilities. Stuxnet is said to have infected over 50% of the computers at these locations before anyone knew something was wrong, and as a result Iran's nuclear weapon development program is claimed to have been set back by about 10 years. What is surprising is that Stuxnet is actually a very large program (about 5GB), whereas normal viruses stretch only into kilobytes, and that the USA was the least affected by this virus even though the US is usually the hardest hit in other virus attacks. The Stuxnet code was so well organised that its developers could easily swap certain functions as required and update the malicious code easily. What's more, it never stored its Windows API (.dll) files on the hard disk as conventional viruses do, so antivirus software could never detect them. Stuxnet is of the 'zero-day' variety, the most advanced of all viruses. Even more interesting is that Stuxnet never used the internet to infect machines in large numbers like a conventional virus. It was content to spread through local area networks, which again showcases its single-minded purpose of destabilizing Iran's nuclear project.
Stuxnet gathered all working data from the Siemens controllers and passed it on to the attackers. The malicious .dll files would take the place of the good ones from Microsoft and then intercept commands from the Siemens Step7 controller. It would then manipulate these commands before they were sent to the controllers for the motors and valves driving the centrifuges used in the nuclear plant, thus wreaking absolute havoc. Developing the Stuxnet code required knowledge of the Siemens Step7 programmable logic controller, which is in fact proprietary information that only government agencies know, further fuelling the speculation that the USA and its allies such as Israel were behind the development of the super-virus.
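The swap of a legitimate .dll for a malicious look-alike described above is exactly what file-integrity monitoring is meant to catch. The following is an added illustration (my own example, not code from the Wired article or from Stuxnet): it records SHA-256 hashes of the .dll files in a directory as a baseline and later reports any library that was modified, removed, or newly dropped in. The directory, file names and file contents in the demo are constructed in a temporary folder; on a real engineering workstation you would point `build_baseline` at the vendor software directory right after a clean install and run `check_against_baseline` on a schedule.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Return the hex SHA-256 of a file, read in chunks so large DLLs are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(directory, pattern="*.dll"):
    """Map file name -> SHA-256 for every library matching `pattern` in `directory`.

    Run this once on a system you trust (e.g. straight after a clean install)
    and store the result somewhere the monitored host cannot rewrite it.
    """
    return {p.name: sha256_of(p) for p in Path(directory).glob(pattern)}


def check_against_baseline(directory, baseline, pattern="*.dll"):
    """Compare the directory's current libraries with a stored baseline.

    Returns three sorted lists:
      modified   - same name, different hash (a library was replaced in place)
      missing    - present in the baseline but gone now
      unexpected - present now but not in the baseline (a dropped-in library)
    """
    current = build_baseline(directory, pattern)
    modified = sorted(n for n in baseline if n in current and current[n] != baseline[n])
    missing = sorted(n for n in baseline if n not in current)
    unexpected = sorted(n for n in current if n not in baseline)
    return {"modified": modified, "missing": missing, "unexpected": unexpected}


def demo():
    """Constructed scenario: baseline two fake DLLs, then tamper with the folder."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed stand-ins for vendor libraries (hypothetical names, not real files).
        (root / "vendor_driver.dll").write_bytes(b"MZ" + b"\x00" * 64 + b"genuine driver")
        (root / "helper.dll").write_bytes(b"MZ" + b"\x00" * 64 + b"helper")
        baseline = build_baseline(root)

        # Simulate what the post describes: the genuine library is swapped for a
        # look-alike, one library disappears, and a new one is dropped in.
        (root / "vendor_driver.dll").write_bytes(b"MZ" + b"\x00" * 64 + b"look-alike")
        (root / "helper.dll").unlink()
        (root / "extra.dll").write_bytes(b"MZ" + b"\x00" * 64 + b"new arrival")

        return check_against_baseline(root, baseline)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind:>10}: {names}")
```

A hash baseline only tells you that something changed relative to the snapshot you took, so it has to be captured on a machine you trust and stored off-host; pairing it with verification of the vendor's code-signing certificate on each library closes the gap where the baseline itself was taken after a swap.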
Symantec, the antivirus giant, usually spends no more than a couple of days deciphering conventional malware, but as the Wired article explains at length, even after a month they had not been able to completely decipher Stuxnet's code. Malware writers usually modify registry values so that the malware they write does not infect their own machines; when the malware sees such values in the registry, it simply shuts down. One such registry value in Stuxnet resembled an important date in Jewish history, when a Jewish businessman was shot dead by a firing squad in Iran, which served to add to the speculation that Israel might have been involved in Stuxnet's development. In fact, two Iranian nuclear scientists who disclosed some information about the damage that Stuxnet had caused were assassinated a few days after their disclosure. This article is the most fascinating read I have had in a long time. I hope you like it too.