Welcome to the Virus Encyclopedia of Panda Security.
The aim of Stuxnet.A is to carry out a targeted attack to companies with SCADA (see Note) systems which use WINCC of Siemens, in order to steal information.
In order to be installed in the computer, it uses the vulnerability MS10-046 (CVE-2010-2568). It is a Windows vulnerability that affects shortcuts and which allows remote code execution.
Stuxnet.A carries out the following actions:
Microsoft has already released the security patch that solves this vulnerability. If you have a Windows 2008/7/Vista/2003/XP computer, it is recommended to download and apply the security patch for this vulnerability. Access the web page for downloading the patch.
Note: SCADA stands for supervisory control and data acquisition. It generally refers to an industrial control system: a computer system monitoring and controlling a process.
Stuxnet.A creates the following files:
Stuxnet.A creates the following entries in the Windows Registry:
Stuxnet.A spreads through removable devices, like USB keys, making copies of the malicious shortcuts to the USB keys that are connected to an infected computer. These shortcuts use the vulnerability called MS10-046 (CVE-2010-2568), which affects files with a LNK extension.
Stuxnet.A is 8,192 bytes in size.
Stuxnet.A creates several random mutexes, in order to ensure that only a copy of the worm is active at any moment.