You're in: Panda Security > Home Users > security-info > about-malware > encyclopedia > overview
Active Scan. Scan your PC free
Download Cloud Antivirus Gratis

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

Stuxnet.A

 
Threat LevelLow threatDamageHighDistributionNot widespread
Common name:Stuxnet.A
Technical name:W32/Stuxnet.A.worm
Threat level:Medium
Type:Worm
Effects:  

It carries out a targeted attack to companies with SCADA systems which use WINCC of Siemens, in order to collect information. It exploits the vulnerability called MS10-046 (CVE-2010-2568), which affects shortcuts, in order to install itself in the computer. It spreads through removable devices, like USB keys.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95; IIS

First detected on:July 16, 2010
Detection updated on:Aug. 31, 2010
StatisticsNo

Brief Description 

    

Stuxnet.A is a worm with rootkit features which uses the Windows vulnerability MS10-046 (CVE-2010-2568) in order to be installed in the computer. It is a vulnerability that affects shortcuts and which allows remote code execution.

It is designed to carry out a targeted attack to companies with SCADA systems which use WINCC of Siemens, in order to steal information.

Due to its rootkit functionalities, it hides itself in the computer, making its detection more difficult.

Stuxnet.A reaches the computer through removable devices, like USB keys, in several specially designed shortcuts which point to the download of the file that starts the infection.

 

Note: Microsoft has already released the security patch that solves this vulnerability. If you have a Windows 2008/7/Vista/2003/XP computer, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch.

Visible Symptoms 

    

Stuxnet.A is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.

USB keys are infected if they contain the following files, which belong to shortcuts specially designed to exploit the vulnerability:

Copy of Copy of Copy of Copy of Shortcut to.lnk
Copy of Copy of Copy of Shortcut to.lnk
Copy of Copy of Shortcut to.lnk
Copy of Shortcut to.lnk

>