
Stuxnet Worm Is Straight Out of a Cyber Espionage Thriller

Describing a piece of code as the "best malware ever" seems a bit oxymoronic, but Stuxnet might actually fit the bill. The malware had been operating undetected since early this year. In June it was finally identified by a small security company in Belarus called VirusBlokAda. By early August, Microsoft had confirmed and patched one vulnerability that Stuxnet was using to attack PCs running Windows, but that was just the beginning of the saga. It turns out that the worm exploited not one but four previously unpatched, zero-day vulnerabilities, as well as older, already-patched ones such as the flaw that allowed Conficker to spread to millions of machines. (Microsoft has since patched all but two lower-risk vulnerabilities associated with Stuxnet.)

Researchers from both Kaspersky and Symantec say they have never seen a piece of malware use that many avenues of attack. "That's really, really crazy," Liam O Murchu of Symantec told InfoWorld. (Honestly, that's not the response we want to hear from our security experts.) In addition to seriously heavy firepower, Stuxnet boasts a laser-like focus. It specifically targets so-called SCADA (supervisory control and data acquisition) systems, the control systems behind large-scale industrial facilities like factories, power plants, oil pipelines and even military installations. Once inside a network, typically after being introduced on an infected USB drive, the worm spreads quietly and delivers new instructions to the programmable logic controllers that drive the industrial machinery attached to that network.

The worm went largely undetected because its creators intentionally limited its spread. Each infected machine could pass Stuxnet to only three additional machines, and the worm delivered its payload only on machines that had the targeted SCADA software installed. The malware also used two stolen code-signing certificates to sign its driver components, so security software treated them as legitimate. "The organization and sophistication to execute the entire package is extremely impressive," said Roel Schouwenberg, a researcher at Kaspersky.

Stuxnet is so sophisticated that both Schouwenberg and O Murchu told InfoWorld they doubt it could be the work of an elite cybercrime gang, let alone a single hacker. "They wanted to reprogram the PLCs (programmable logic controllers) and operate the machinery in a way unintended by the real operators. That points to something more than industrial espionage," O Murchu said. Schouwenberg followed by saying "the most plausible scenario is a nation state-backed group."

Stuxnet seems to be clearly targeted at Iranian facilities, which leaves us with one major question: who is brazen enough to start a cyber-war with the notoriously unpredictable country?
