ACCORDING TO Mikko Hypponen, F-Secure's chief security researcher, there has been a revolution in malware with Stuxnet. "The worst case scenario is that Al-Qaeda or another organisation could gain access to this type of knowledge and information, and make use of it to launch attacks on critical infrastructure - like blow up nuclear power plants or do something to our food chain."
Discovered at the middle of last year, Stuxnet has become a major talking point for those involved in computer security, but more than that, also among those interested in international espionage.
"I think Stuxnet is a new phenomenon, the first example of its kind, and will be something we will look back at in years to come," said Hypponen, whose information security experience spans many years and who was involved in classified briefings regarding the new threat.
"There will be copies of Stuxnet, from the same source and elsewhere," he predicted.
Stuxnet is a Windows worm that is propagated on USB sticks and over private networks, but with one very unique feature - it doesn't replicate over the Internet. Malware that we generally see on computers is generally designed to spread as far as possible, as cyber criminals aren't too worried about what it will infect.
But Stuxnet is different, because it wants to reach environments that are disconnected from the Internet on purpose, like the nuclear programme in Iran. But that's not to say that it won't infect your Windows PC.
Hypponen said, "It infects any Windows PC that you put an infected USB stick in. But when it infects a PC it does nothing. It will only replicate on any other USB stick you put into it."
This means that Stuxnet is a worm that can go around the world silently, doing nothing to the systems it infects, waiting for a precise moment to strike. And it will strike, but only if it reaches a Windows PC that has a specific type of program installed.
"It's called Step 7, made by Siemens and which is used to program Programmable Logic Control (PLC) devices," said the researcher. "These boxes control factories, pumps, general purpose systems. These are running their own operating system, which isn't Windows as it isn't reliable enough."
But the PLC boxes need to be programmed by a Windows computer before they are sent over to a factory or wherever they need to go. If a USB stick has transferred Stuxnet to one of these computers, this is the point where Stuxnet will start to make its move, if it finds itself on a system that has a specific type of PLC box connected.
"It will reprogram the PLC, so that any changes are hidden. And it will wait, hoping that somebody disconnects the PLC from the Windows computer and takes it to a factory."
If that does happen, Stuxnet will still do nothing, apart from check what kind of factory the PLC box is supposed to be controlling.
"It's trying to find a specific environment with a specific configuration of high frequency power converters made by two different manufacturers. When it finds the right kind, then it knows it's in the right environment."
Upcoming flagships might not switch to USB-C after all
Netflix without the chill
The best things come in the same sized package as last time
'Open source' and 'Microsoft' in same sentence shock