1. Technical analysis of the problem
Stuxnet is specialised malware targeting SCADA systems running Siemens SIMATIC® WinCC or SIMATIC® Siemens STEP 7 software for process visualisation and system control. SCADA refers in general to computer systems that monitor and control industrial processes, such as those in nuclear power plants or in water treatment facilities.
This highly sophisticated malware uses several vulnerabilities in the underlying Windows® operating system for infection and propagation. Infection works via USB drives or open network shares. A rootkit component hides the content of the malware on infected WinCC systems. An infected system can usually be controlled remotely by the attacker. In the end, this means that the attacker has full control of the respective facility.
2. Detection and mitigation
It is highly recommended that users of the above-mentioned systems check them for infection. Siemens has published a tool and a manual on how to proceed. The respective security bulletins issued by Microsoft should also be studied and followed (which is true for any user of Windows® operating systems). Please refer to the list of links at the end of this text.
Further, sample links for updated information:
• Siemens tool & procedures for removal
• Symantec ongoing analysis of Stuxnet
o Stuxnet White Paper
o Ongoing Stuxnet Response Blog
• ENISA country reports, which give an overview of national actors who may provide updated information in your own language:
See Agency press release on Stuxnet.