 
ESET Analysis: Worm Win32/Stuxnet Targets Supervisory Systems in the U.S. and Iran


BRATISLAVA - ESET, the global leader in proactive protection against malware, has issued a warning against a worm dubbed Win32/Stuxnet, which threatens users around the globe. The worm exploits a vulnerability in Windows® Shell; ESET detects the threat as LNK/Autostart.A. It is used in targeted attacks to penetrate SCADA systems, especially in the United States and Iran. SCADA systems are supervisory and monitoring systems used in many industries, for instance in power engineering.


According to ESET Virus Lab, the worm has been active for several days, lately especially in the U.S. and Iran: almost 58% of all infections are reported in the United States, 30% in Iran and slightly over 4% in Russia. The cyber attacks in the U.S. and heightened activity of the worm in Iran come in the wake of persisting tensions between the two nations over the nuclear ambitions of this Middle Eastern country. “This worm is an exemplary case of targeted attack exploiting a zero-day vulnerability, or, in other words, a vulnerability which is unknown to the public. This particular attack targets the industrial supervisory software SCADA. In short – this is an example of malware-aided industrial espionage. The question is why the chart of affected nations looks as it does,” says Juraj Malcho, head of the Virus Lab at ESET’s global headquarters in Bratislava, Slovakia.


Most of the damage caused by the worm is limited to industrial targets, with home users being much less affected. “So far, the number of infected PCs is in the tens of thousands, but likely to rise,” elaborates Malcho. According to ESET analysis, the Stuxnet worm in and of itself poses no greater threat for home users than the average computer threat. The danger lies in the Windows® OS vulnerability connected with the processing of LNK files. Experts expect even more malware families to begin to exploit this security gap in the near future.


An interesting angle to this story is how the worm spreads. “For a truly targeted attack it would have been coded to make specific checks to see that it only ran where it was supposed to and did not spread. Spreading increases the odds of detection. If the attack was aimed at only US systems, then the attacker would not want the code appearing all over the world. This fact might indicate a number of potential attackers,” says Randy Abrams, Director of Technical Education at ESET in the U.S. “The ability to attack power grids throughout the world would be very appealing to terrorist groups,” concludes Abrams.
ESET security solutions effectively detect and clean this threat. A patch from Microsoft is expected to be issued soon as well.



PCs infected by the Win32/Stuxnet worm according to ESET Virus Lab

United States 57,71%
Iran 30,00%
Russia 4,09%
Indonesia 3,04%
Faroe Islands 1,22%
United Kingdom 0,77%
Turkey 0,49%
Spain 0,44%
India 0,29%
Rest of the world 1,73%


About ESET
Founded in 1992, ESET is a global provider of security solutions for the home and business segment. The industry leader in proactive malware detection, ESET NOD32 Antivirus holds the world record for the number of Virus Bulletin "VB100 Awards," never to have missed a single “In-the-Wild” worm or virus since the inception of testing in 1998.


ESET has headquarters in Bratislava, Slovakia and offices in San Diego, USA; Buenos Aires, Argentina; Prague, Czech Republic, and an extensive partner network in 160 countries. In 2008, ESET opened a new research center in Krakow, Poland. ESET was named by Deloitte’s Technology Fast 500 as one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.