Report on the Worm Stuxnet Attack

Recently, numerous news media have reported on the Stuxnet worm. Described as a “super weapon” and a “Pandora’s Box”, it has attacked the Siemens SIMATIC WinCC SCADA system.

The Stuxnet worm erupted in July this year. It exploits at least four vulnerabilities in the Microsoft operating system, including three new zero-day vulnerabilities; uses digital signatures for the drivers it generates; breaks through the physical limitations of industry-specific local area networks (LANs) by using various intrusion methods to spread widely; and carries out a devastating attack by exploiting two vulnerabilities in the WinCC system. It is the first malicious code to damage industrial infrastructure directly. According to Symantec’s statistics, about 45,000 networks around the world have been infected with the worm so far, and 60% of the victim hosts are in Iran. The Iranian government has confirmed that the country’s Bushehr nuclear power plant has been attacked by Stuxnet.

On July 15, Antiy Labs captured the first variant of the Stuxnet worm and analyzed it immediately, publishing the corresponding report and preventive recommendations at once and continuing to track the worm. To date, Antiy Labs has captured 13 variants and 600+ samples with different hash values.

The full analysis report can be downloaded from here.