Eric Chien says Symantec has had a breakthrough in understanding the final legs of Stuxnet worm. The worm was known to Statement List (STL)  rootkit1 Siemens Programmable Logic Controllers (PLCs) but it was not clear what the worm was looking for on the other end of the PLC.

Now they know that the worm was meant to disrupt frequency converter drives operating between 807 Hz and 1210 Hz.Drives operating in such ranges are used for tasks such as Uranium enrichment and Iran is believed to have been the source of first infections.

Here is an interesting W32.Stuxnet demonstration video from Symantec.

1This made the infection undetectable on the logic controller. Note that PLC rootkitting is in addition to Windows rootkit components so infected removable media look clean etc.

Tagged with →  
Share →

Leave a Reply

Your email address will not be published. Required fields are marked *

Looking for something?

Use the form below to search the site:


Still not finding what you're looking for? Drop us a note so we can take care of it!

Visit our friends!

A few highly recommended friends...

Set your Twitter account name in your settings to use the TwitterBar Section.