Stuxnet Worm Computer Virus

Erin Robinson

What is Stuxnet?

Stuxnet is a computer worm that targets the types of industrial control systems (ICS) commonly used in facilities that support infrastructure (e.g., power plants, water treatment facilities, and gas lines).

What does Stuxnet do?

Stuxnet is designed to programmatically alter the Programmable Logic Controllers (PLCs) used in those facilities. In an ICS environment, PLCs automate industrial tasks such as regulating flow rate to maintain pressure and temperature controls.

How does Stuxnet reach these PLCs?

For security reasons, many of the hardware devices used in industrial control systems (ICS) are not Internet-connected (and often not network-connected at all). To get around this isolation, the Stuxnet worm incorporates several sophisticated means of propagation, with the goal of eventually reaching and infecting the STEP 7 project files used to program the PLC devices.

For initial propagation, the worm targets computers running the Windows operating system. However, the PLC itself is not a Windows-based system but rather a proprietary machine-language device. Stuxnet therefore uses Windows computers only as stepping stones to reach the systems that manage the PLCs, where it delivers its payload. (For specific information on the Windows spread of the worm, see How Does Stuxnet Spread?)

To reprogram the PLC, the Stuxnet worm seeks out and infects STEP 7 project files. STEP 7 project files are used by Siemens SIMATIC WinCC, a supervisory control and data acquisition (SCADA) and human-machine interface (HMI) system used to program the PLCs.

Stuxnet contains various routines to identify the specific PLC model. This model check is necessary because machine-level instructions vary between PLC devices. Once the target device has been identified and infected, Stuxnet gains enough control to intercept all data flowing into or out of the PLC, and to tamper with that data.

The serious nature of the Stuxnet worm has led to no end of speculation and conjecture. To dispel some of those myths, see: The Unglamorous Truths About the Stuxnet Worm.