Gone are the days when a computer virus could simply be cleaned up and the computer "vaccinated" with a strong antivirus program. New kinds of software and malicious code have cropped up, hidden deep inside legitimate software and able to go undetected by ordinary firewalls and antivirus kits. These threats can now take down entire computer networks, and control or shut down water supplies, banks, nuclear reactors and other networked infrastructure that was previously thought to be unhackable.
What is this malicious thing?
It is a piece of code, generally called a computer worm, that is about 500 kilobytes in size and is capable of infecting not only the host computer but also moving on to the networks it shares and the devices on them, and these devices do not necessarily have to be computer systems. Stuxnet, the most insidious computer worm known, is 20 times more complex than any other virus ever made and could make the monitoring systems report that everything was running fine.
Where was it first detected?
It was first detected in the databases of traffic control systems, nuclear power plants and factories around the world. Then, in 2010, it came to light that the worm had spread to and attacked about 14 of the biggest industrial sites in Iran. With the potential to lower or even cut off the pressure inside reactors and to shut down oil pipelines completely without the operators' knowledge, this was the biggest threat the cyber world had faced. Antivirus heavyweights such as Kaspersky have called it the "Pearl Harbor of the Cyber World".
How does the worm spread?
After the first detection, Roel Schouwenberg, a cybersleuth at Kaspersky Labs, said, "Suddenly it was fiction becoming reality".
The spread and attack of Stuxnet have three distinct phases:
- It primarily targeted machines running Microsoft's Windows OS and spread through USB drives inserted into the computers, without the knowledge of the user.
- It then looked specifically for the Siemens Step7 software that is used in large industrial facilities to operate and control centrifuges. After gaining access, the worm could potentially destroy the centrifuges.
- Finally, it could take over the entire system by taking control of the programmable logic controllers.
Its real purpose and how it was taken down
The potential of a worm such as Stuxnet was huge: it could derail and disrupt trains, spike water supplies to poisonous levels, and even take down entire power stations. But the analysis by the security specialists at Kaspersky, coupled with their reverse engineering of the worm, concluded that it was specifically targeting the Siemens software running the huge centrifuges of Iran's nuclear enrichment program, a political attack on the nation of Iran. One of the analysts also said, "this isn't something that a group of 10 hackers could do, and even if they did, it would take about 3 years, and instead it is a nation-state sponsored attack". It was through this thorough analysis that the worm could finally be subdued and removed from the infected systems!
This wasn't the end of nation-state sponsored cyber attacks, as more such worms, like Flame, Duqu and Gauss, reared their ugly heads, each one bigger and more insidious than the previous one. But this time Kaspersky was prepared and was able to somewhat contain the spread and impact of this malware.
A great documentary film, Zero Days, outlines what this worm could have done if not for the quick-acting Kaspersky cybersleuths!