A virus is defined as a “small highly specialized infectious agent”. For decades, perhaps a century, this definition has described nature’s microorganisms, which tend to infect most living organisms, from humans down to bacteria. Now it seems the definition should be widened to include those small pieces of malicious computer code that used to be called worms, for which the word virus now seems more appropriate.

In July 2010, a piece of malicious code was discovered and given the name “Stuxnet”. Unlike earlier computer viruses, this powerful one mimics a biological virus in the way it acts. Biologically speaking, a common flu virus enters the human body through the respiratory tract, binds to special receptors and infects the entire respiratory tract, causing the common flu symptoms; the same could be said of older computer viruses. Stuxnet, however, resembles more specialized biological viruses such as the hepatitis viruses or HIV: it gains entrance to the computer via the “Universal Serial Bus”, commonly known as the “USB port”, and then spreads like wildfire through the entire network the device is connected to.

Up to this point, Stuxnet would be a common garden-variety computer virus, but it does not stop there. Just as HIV searches for CD4 cells and a hepatitis virus searches for hepatic cells, Stuxnet searches the infected computer for its target: a special control program called “Supervisory Control and Data Acquisition” (SCADA), developed by Siemens Co. for the operation of industrial systems and used to control manufacturing processes from centralized locations. For example, it can be used to alter the work rate of a motor on a factory floor or the pressure in a pipeline, so typical environments could be oil pipelines and power plants.

This highly specialized virus is also unique in its mode of action: it uses four “zero-day” vulnerabilities. A zero-day vulnerability, or zero-day attack, is a security hole or breach in a program of which the developer is unaware. Using four of them in a single piece of code is quite odd, because zero-days are of great value to hackers and malware makers. The code surprises us again with its resemblance to biological viruses: like the flu virus, which can mutate and change form in multiple ways, and like any bacterium that acquires resistance through plasmids or other pathways, Stuxnet can upgrade itself via a peer-to-peer architecture (P2P, a distributed application architecture that partitions tasks or workloads between peers), allowing it to be updated after the initial command and control server (the initial computer) is disabled.

Symantec Corp., one of the world’s computer security leaders, estimates that 45,000 computers have been infected and, in a pattern reminiscent of biological threats and biological warfare viruses, that nearly 30,000 of these infected computers are in Iran alone. Earlier today (27 September 2010), undisclosed Iranian sources said the nuclear plant had indeed been hit by Stuxnet, with no damage to the plant.

I guess Arnold Schwarzenegger (the Terminator) wasn’t lying after all when he said “I’ll be back!!”
