Stuxnet: This worm that hit Iran’s nuclear facilities is pretty remarkable. In general, people are saying that it’s way too sophisticated for “normal” virus writers, and could only have come about from a state-sponsored effort.
The complexity of the software is very unusual for malware. The attack requires knowledge of industrial processes and an interest in attacking industrial infrastructure. The number of zero-day Windows exploits it uses is also unusual: zero-day Windows exploits are valuable, and hackers do not normally waste four different ones in the same worm.
Stuxnet is unusually large at half a megabyte in size, and written in different programming languages (including C and C++), which is also irregular for malware. It is digitally signed with two authentic certificates which were stolen from two certification authorities (JMicron and Realtek), which helped it remain undetected for a relatively long period of time. It also has the capability to upgrade via peer-to-peer, allowing it to be updated after the initial command and control server was disabled.
These capabilities would have required a team of people to program, as well as check that the malware would not crash the PLCs. Eric Byres, who has years of experience maintaining and troubleshooting Siemens systems, told Wired that writing the code would have taken many man-months, if not years.
If it’s true that this came from a government (directly or indirectly), this means that it’s likely either the United States or Israel intentionally crafted a virus to target a specific capability of their enemy, then infected their systems with it. Could this be the first actual cyber-warfare action among nation states?