Welcome to the Virus Encyclopedia of Panda Security.
It carries out a targeted attack to companies with SCADA systems which use WINCC of Siemens, in order to collect information. It exploits the vulnerability called MS10-046 (CVE-2010-2568), which affects shortcuts, in order to install itself in the computer. It spreads through removable devices, like USB keys.
|First detected on:||July 16, 2010|
|Detection updated on:||Aug. 31, 2010|
Stuxnet.A is a worm with rootkit features which uses the Windows vulnerability MS10-046 (CVE-2010-2568) in order to be installed in the computer. It is a vulnerability that affects shortcuts and which allows remote code execution.
It is designed to carry out a targeted attack to companies with SCADA systems which use WINCC of Siemens, in order to steal information.
Due to its rootkit functionalities, it hides itself in the computer, making its detection more difficult.
Stuxnet.A reaches the computer through removable devices, like USB keys, in several specially designed shortcuts which point to the download of the file that starts the infection.
Note: Microsoft has already released the security patch that solves this vulnerability. If you have a Windows 2008/7/Vista/2003/XP computer, it is recommended to download and apply the security patch for this vulnerability. Access the web page for downloading the patch.
Stuxnet.A is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
USB keys are infected if they contain the following files, which belong to shortcuts specially designed to exploit the vulnerability:
Copy of Copy of Copy of Copy of Shortcut to.lnk>
Copy of Copy of Copy of Shortcut to.lnk
Copy of Copy of Shortcut to.lnk
Copy of Shortcut to.lnk