The Stuxnet worm is a 'wake-up call' because of its complexity and its aim at critical infrastructure systems, a Symantec director has told a US congressional committee.
Symantec's security response chief Dean Turner calls Stuxnet "one of the most complex threats". Photo credit: Symantec
The malware is a milestone in many ways, according to Dean Turner, director of Symantec Security Response's Global Intelligence Network, speaking on Wednesday in testimony before the US Senate Committee on Homeland Security and Governmental Affairs. It is the first known threat to: spy on and reprogramme industrial control systems and grant hackers control of critical infrastructures; use four zero-day vulnerabilities; compromise two digital certificates; inject code into industrial control systems and hide the code from operators; and include a programmable logic controller (PLC) rootkit to reprogramme PLCs and hide the changes, he said.
"Stuxnet is an incredibly large and complex threat," he said. "In fact, it is one of the most complex threats that we have analysed to date at Symantec.
"Stuxnet demonstrates the vulnerability of critical national infrastructure industrial control systems to attack through widely used computer programs and technology. Stuxnet is a wake-up call to critical infrastructure systems around the world," he said. "Stuxnet has highlighted that direct attacks to control critical infrastructure are possible and not necessarily spy-novel fictions. The real-world implications of Stuxnet are beyond any threat we have seen in the past."
For more on this ZDNet UK-selected story, see Symantec to Congress: Stuxnet is 'wake-up call' on CNET News.
Talkback
This post has been removed by a moderator.
This post has been removed by a moderator.
This post has been removed by a moderator.