Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Malware > The Stuxnet Sting

17 Jul 2010   #1

Win 7 Ultimate 64-bit. SP1.
Malware > The Stuxnet Sting


For the past week or so, we've been closely tracking a new family of threats called Stuxnet (a name derived from some of the filename/strings in the malware - mrxcls.sys, mrxnet.sys). In the past few days, it has become a popular topic of discussion amongst security researchers and in the media. First and foremost, we have recently released one additional signature for this threat, and urge our readers to be sure that you've got the latest anti-malware definition updates installed.

Prevalence and distribution

In terms of numbers of attacks, the most reports are coming from the US, Indonesia, India, and Iran. When you factor in the number of MMPC monitored machines along with the number that are reporting attacks, the US falls further down the list, giving way to Iran and Indonesia with attack attempts far higher than the global average.

Figure 1: Geographic saturation of Stuxnet infection attempts

Although the number of new machines reporting an infection attempt has remained constant at around a thousand per day, the number of attempts (tries per machine) has increased over the past few days:

Figure 2: Threat prevalence

Hacker exchange

In addition to these attack attempts, about 13% of the detections we’ve witnessed appear to be email exchange or downloads of sample files from hacker sites. Some of these detections have been picked up in packages that supposedly contain game cheats (judging by the name of the file).

Threat details

What is unique about Stuxnet is that it utilizes a new method of propagation. Specifically, it takes advantage of specially-crafted shortcut files (also known as .lnk files) placed on USB drives to automatically execute malware as soon as the .lnk file is read by the operating system. In other words, simply browsing to the removable media drive using an application that displays shortcut icons (like Windows Explorer) runs the malware without any additional user interaction. We anticipate other malware authors taking advantage of this technique. Stuxnet will infect any usb drive that is attached to the system, and for this reason we’ve classified the malware as a worm. This classification for the malware should not be confused with another vector used by this worm, the newly disclosed vulnerability (CVE-2010-2568) covered in today’s advisory. The vulnerability itself is not wormable.

Read more -
The Stuxnet Sting - Microsoft Malware Protection Center - Site Home - TechNet Blogs

My System SpecsSystem Spec

 Malware > The Stuxnet Sting

Thread Tools

Similar help and support threads
Thread Forum
WMP12 - WMA, MP3 "Sting" in Album Art
I have seen this pop up a few times and have no idea why and/or how to make it stick. Occassionally, the file type is in the lower-right corner of the album art. This has been added on the fly by WMP12. Does anyone know how to configure this?
Music, Pictures & Video
Expert: Stuxnet was built to sabotage Iran nuclear plant | InSecurity Complex - CNET News
Chillout Room
Is Stuxnet the 'best' malware ever?
More - Is Stuxnet the 'best' malware ever? | Security Central - InfoWorld

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:52.
Twitter Facebook Google+