US government warns of potential new Stuxnet attack

By Stuart Sumner
01 Aug 2011 View Comments
Capitol Hill in Washington DC

The US government's Department of Homeland Security (DHS) has warned that the Stuxnet virus which attacked Iran's nuclear programme a year ago, could be set for a return.

It admitted that as a result of disseminating so much detail relating to the malcious code, it might inadvertantly have given attackers sufficient information to build their own variants.

Further reading

In a report published last week, Sean P McGurk and Roberta Stempfley of the DHS' Office of Cyber Security and Communications said: "Looking ahead, the Department is concerned that attackers could use the increasingly public information about [Stuxnet] to develop variants targeted at broader installations of programmable equipment in control systems.

"Copies of the Stuxnet code, in various different iterations, have been publicly available for some time now."

Kurt Baumgartner, a senior researcher at security firm Kaspersky Lab, said that experienced malware authors can be hired by criminals to perform these sorts of attacks on critical infrastructure.

"With the growing public body of knowledge on Stuxnet, the risk increases that these for-hire teams' efforts may be informed by the Stuxnet design."

However, despite being lauded by some for its sophistication, Stuxnet has its critics.

Nate Lawson of security design firm Root Labs said that the worm could have been better at hiding itself.

"Rather than being proud of its stealth and targeting, the authors should be embarrassed at their amateur approach to hiding the payload.

"[Stuxnet] does not use virtual machine-based obfuscation, novel techniques for anti-debugging, or anything else to make it different from the hundreds of malware samples found every day."

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

37 %
27 %
15 %
21 %