Stuxnet is a notorious computer worm which was designed to attack centrifuge systems used to refine nuclear material. It is best known for its successes in this endeavor in the Islamic Republic of Iran. These successes made Stuxnet the first known cyberweapon. Stuxnet contains about 15,000 lines of code in all, and is believed to have been a targeted attack on the Natanz uranium refinery.
In June 2010 a security company VirusBlokAda detected this malware and gave it the name "Rootkit.Tmphider." Symantec then named it "W32.Temphid," but later changed the title again to "W32.Stuxnet." Unlike some other malware like Conficker, Stuxnet did not give itself a name. Instead, the name was derived from common references in the worm. The first part of the name, "stu," comes from the ".stub" file extension, and the second part, "xnet", comes from the "MrxNet.sys" file.
The writer of this malware is not known, but the complexity of it and the amount of research which went into it suggests to most that it was designed by an organization or government. It uses not one or even two but a total of five zero day exploits (vulnerabilities which had not yet been found) which implies a powerful entity was behind it. Since the United States and Israel would probably be at the greatest risk if Iran does achieve nuclear capabilities, it is generally suspected that one or both of these governments where involved.
How it Works
The Stuxnet worm spread like all other worms, on its own without human action. It jumped from Windows system to system, checking for Siemens industrial control systems PLC, which were used by uranium refineries in Iran. If the systems were not detected, it would try to spread to other computers, but not harm its new host. Only if these systems where present would it go to work, causing the equipment to malfunction while the monitors displayed false information.
The targeted refinery systems where air-gapped, that is, not connected to the internet. Therefore, the malware needed to be hand delivered. In such cases, an infected flash drive is often left outside of the facility, and a curious or well-meaning individual will connect it to a computer inside to see the contents. Once connected, it will infect the computer, and begin to spread.
In all, about one fifth of Iran’s nuclear centrifuges where destroyed. However, Stuxnet was not intended to leave the targeted facility, since it was air-gapped. Unfortunately, it did escape and is still on the loose in the World Wide Web. It is not nearly as contagious as it was at first, but even so, the Czech Republic-based security firm Kleissner & Associates reported that at least 153 unique machines were infected with Stuxnet in 2013 and 2014. Since it was designed to attack Siemens industrial control systems, it is still a threat to some such equipment which is controlled by older or unpatched operating systems.
There have been other repercussions as well. Now malware has been proven an effective attack against country as a whole or a specific program. Meanwhile, a powerful piece of code still capable of breaking into unprotected systems is "floating" around, out of control. If the wrong party was able to gain a copy of the malware, they could theoretically decompile, edit, and release it for their own purposes.