
1

2 Jonathan Baulch

3
• A worm that spreads via USB drives
• Exploits a previously unknown vulnerability in Windows
• Trojan backdoor that looks for specific software created by Siemens

4
• June 2009 – Earliest Stuxnet version seen. Lacks many complexities of the later versions
• January 25, 2010 – Stuxnet driver signed with valid certificate from Realtek Semiconductor Corps
• June 17, 2010 – Virusblokada reports W32.Stuxnet named RootkitTmphider
• July 13, 2010 – Symantec adds detection known as W32.Temphid

5
• July 16, 2010 – Verisign revokes Realtek Semiconductor Corps certificate
• July 17, 2010 – Eset identifies new Stuxnet driver with certificate from JMicron Technology Corp.
• July 19, 2010 – Siemens reports they are investigating reports of malware affecting Siemens WinCC SCADA systems

6
• August 6, 2010 – Symantec reports how Stuxnet can inject and hide code on a PLC
• September 30, 2010 – Symantec presents at Virus Bulletin and releases comprehensive analysis of Stuxnet

7
• Self-replicates through removable drives exploiting a vulnerability allowing auto-execution
• Spreads in a LAN through a vulnerability in the Windows Print Spooler
• Copies and executes itself on remote computers through network shares

8
• Copies and executes itself on remote computers running a WinCC database server
• Copies itself into Step 7 projects in such a way that it automatically loads when Step 7 is run
• Updates itself through a peer-to-peer mechanism within a LAN

9
• Exploits 4 different zero-day Microsoft vulnerabilities
• Contacts a command and control server that allows a hacker to download and execute code
• Contains a Windows rootkit that hides its binaries

10
• Attempts to bypass security products
• Fingerprints a specific industrial control system and modifies code on the Siemens PLCs to potentially sabotage the system
• Hides modified code on PLCs

11
• PLC – Programmable Logic Controller
  ◦ Loaded with blocks of code and data written using a variety of languages such as STL or SCL
  ◦ PLCs are small embedded industrial control systems that run automated processes on factory floors, chemical and nuclear plants, oil refineries, etc.

12
• It has yet to be discovered who authored the Stuxnet worm and who/what the target was.
  ◦ Research project that got out of control. There is a history of accidental releases of worms by researchers.
  ◦ Criminal worm designed to demonstrate the power the authors possess.
  ◦ Worm released by the U.S. military to scare the government into increasing the budget for cyber security.
  ◦ Developed by Israel to attack Iran

13
• Iran was among the countries most affected by the Stuxnet worm.
• Iran is currently constructing a nuclear plant in Bushehr, and experts believe the delays have been the result of Stuxnet.
• A report by Siemens expert Ralph Langner says that Stuxnet could easily cause a refinery’s centrifuge to malfunction.

14
• Stuxnet achieved many things in the malicious code realm
• First to exploit 4 0-day vulnerabilities
• Compromised 2 digital certificates
• Injected code into industrial control systems and hid the code from operators.

15
• Many experts say it is the most complex malicious software created in the history of cyber security.
• Highlights that it is possible to attack critical infrastructures in places other than Hollywood movies.
• Improbable that copycat attacks will begin to be mass produced, due to the complexity of the software.

16
• W32.Stuxnet Dossier - http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
• Schneier on Security - http://www.schneier.com/blog/archives/2010/10/stuxnet.html
• Details on the first-ever control system malware - http://news.cnet.com/8301-27080_3-20011159-245.html

