When and how Stuxnet was discovered?
Discovery of this threats exploded in June 2010 with the discovery of Stuxnet, a 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, which including a uranium-enrichment plant. Although a computer virus relies on an innocent victim to install it, a worm spreads on its own, mostly through a computer network.
Stuxnet could spread stealthily between computers running Windows—even those which were not connected to the Internet. The most active method for this worm to spread for example if a worker stuck a USB thumb drive into an infected machine, Stuxnet worm which was hidden, gets activated and find its way onto the computer, then spread onto the next machine that read that USB drive.
Phase that this worm spread?
This worm spread unprecedentedly masterful and malicious piece of code which attacked in three phases.
- First, it targeted Microsoft Windows machines and networks, repeatedly replicating itself.
- Then it sought out Siemens Step7 software, which is also Windows-based and used to program industrial control systems that operate equipment, such as centrifuges.
- Finally, it compromised the programmable logic controllers. The worm’s authors could thus spy on the industrial systems and even cause the fast-spinning centrifuges to tear themselves apart, unbeknownst to the human operators at the plant. (Iran has not confirmed reports that Stuxnet destroyed some of its centrifuges.)
Modus Operandi of Stuxnet?
Once inside a network, it uses a variety of mechanisms to propagate to other machines within that network and gain access once it has infected those machines. These mechanisms include both known and patched vulnerabilities, and four "zero-day exploits": vulnerabilities that were unknown and unpatched when the worm was released.
Stuxnet real target Programmable Logic Controller (PLC), so it doesn't actually do anything on those infected Windows computers. What is a PLC? these are small embedded industrial control systems that run all sorts of automated processes: on factory floors, in chemical plants, in oil refineries, at pipelines--and, yes, in nuclear power plants. These PLCs are often controlled by computers, and Stuxnet looks for Siemens SIMATIC WinCC/Step 7 controller software.
If Stuxnet virus doesn't find nothing, it passes on. If it does, it infects it using yet another unknown and unpatched vulnerability, this one in the controller software. Then it reads and changes particular bits of data in the controlled PLCs. It's impossible to predict the effects of this without knowing what the PLC is doing and how it is programmed, and that programming can be unique based on the application. But the changes are very specific, leading many to believe that Stuxnet is targeting a specific PLC, or a specific group of PLCs, performing a specific function in a specific location--and that Stuxnet's authors knew exactly what they were targeting.
Also read-How To Remove Mustang Browser In Easy Steps (Updated)?
As per the reports It's already infected more than 50,000 Windows computers, and Siemens has reported 14 infected control systems, many in Germany. All the anti-virus programs detect and remove Stuxnet from Windows systems.
Stuxnet was first discovered in late June 2017, although there's speculation that it was released a year earlier. As worms go deep into the infected computer it gets very complex over time. In addition to the multiple vulnerabilities that it exploits, it installs its own driver into Windows.
Over time the attackers swapped out modules that didn't work and replaced them with new ones--perhaps as Stuxnet made its way to its intended target. Those certificates first appeared in January
Stuxnet has two ways to update itself. First it checks back to two control servers, one in Malaysia and the other in Denmark, but also uses a peer-to-peer update system: When two Stuxnet infections encounter each other, they compare versions and make sure they both have the most recent one. It also has a kill date of June 24, 2012. On that date, the worm will stop spreading and delete itself.
Stuxnet doesn't act like a normal nasty worm- as obverse It doesn't spread indiscriminately. It doesn't any steal credit card information or account login credentials. It doesn’t put the infected computers into a botnet. But to work its way out, it uses multiple zero-day vulnerabilities.
Suspected Making and Creator of this worm?
Stuxnet was expensive software to design and create. It involved 8 to 10 people six months to write and execute this software. Whoever wanted to execute Stuxnet was willing to spend a lot of money to ensure that whatever job it was intended was done perfectly.
Stuxnet also sets a registry value of "19790509" to alert new copies of Stuxnet that the computer has already been infected. It's rather obviously a date, but instead of looking at the gazillion things--large and small--that happened on that the date, the story insists it refers to the date Persian Jew Habib Elghanain was executed in Tehran for spying for Israel.
Sure, these markers could point to Israel as the author. On the other hand, Stuxnet's authors were uncommonly thorough about not leaving clues in their code; the markers could have been deliberately planted by someone who wanted to frame Israel. Or they could have been deliberately planted by Israel, who wanted us to think they were planted by someone who wanted to frame Israel. Once you start walking down this road, it's impossible to know when to stop..
Also read- What is Zero-day Exploit? How To Remove Zero-day Exploit Virus Easily?
Download Free Removal Tool
Tips to prevent stuxnet virus from entering your computer :
1. Enable your popup blocker: Pop-ups and ads in the websites are the most adoptable tactic used by cybercriminals or developers with the core intention to spread malicious programs. So, avoid clicking uncertain sites, software offers, pop-ups etc.
2. Keep your Windows Updated: To avoid such infections, we recommend that you should always keep your system updated through automatic windows update. By doing this you can keep your device free from virus. According to the survey, outdated/older versions of Windows operating system are an easy target.
3. Third-party installation: Try to avoid freeware download websites as they usually install bundled of software with any installer or stub file.
4. Regular Backup: Regular and periodical backup helps you to keep your data safe in case the system is infected by any kind of virus or any other infection. Thus always backup important files regularly on a cloud drive or an external hard drive.
5. Always have an Anti-Virus: Precaution is better than cure. We recommend that you install an antivirus like McAfee or a good Malware Removal Tool like Download Free Virus Removal Tool
6. Install a powerful ad- blocker for Chrome, Mozilla,and IE.
