Description:
Trend Micro has flagged this threat as noteworthy due to the increased potential for damage, propagation, or both, that it possesses.
To get a one-glance comprehensive view of the behavior of this malware, refer to the Threat Diagram shown below.
Malware Overview
This worm arrives via removable drives.
It drops files.
It adds key(s) as part of its installation routine.
It drops copies of itself in all removable drives.
It drops an .LNK file that references a copy of itself in removable drives.
It hides files, processes, and/or registry entries.
It drops component files.
It creates mutex(es) to ensure that only one instance of itself is running in memory.
This worm targets Siemens SCADA WinCC systems, which are used for machines and plant operations. On a target system, it attempts to send possibly malicious requests to the system database using SQL commands. However, it must be present on the targeted system to perform its intended routines.