Weaponized Malware: Top Four Cyberattack Tools

By Ken Presti, CRN 4:00 PM EST Fri. Nov. 09, 2012

Over the past two years, four pieces of malware have emerged as veritable weapons and have been used for destructive purposes or to assist in such attacks.

1. Stuxnet is the most widely known of the four. Stuxnet was designed with a highly specialized malware payload that targeted SCADA systems that control specific industrial processes. Originally used to attack centrifuges that were part of Iran's alleged nuclear weapons program, it's likely to have been developed with the support of a nation state.

First discovered in June 2010, the malware is believed to have been released into the wild by accident when an engineer's computer that had been connected to the centrifuges was subsequently connected to the Internet. While no one has claimed responsibility for Stuxnet, the U.S. and Israel are widely suspected, according to many security experts.

2. Discovered in September of last year, Duqu is thought to be related to Stuxnet. This worm is programmed to look for data that can facilitate attacks on industrial control systems. However, its capabilities are by no means limited to SCADA infrastructure. When isolated on a PC, the bug frequently deletes itself and its payload, and even the contents of the hard drive, thereby making it far more difficult to investigate.

3. Flame, which is also known as Flamer and Skywiper, is highly modular in nature, meaning that many of its capabilities can be lifted out of the Flame code and dropped into new malware of the attacker's choosing. Discovered this year, it has been used mostly for cyberespionage activities in the Middle East and is likely to have been developed by operatives in the U.S. and/or Israel, security experts have said. Considered by some to be even more sophisticated than Stuxnet, Flame uploads screenshots to its command and control servers, and records audio, keystrokes and network activity.

4. Shamoon is the most recent arrival. The bug was discovered in August as the focal point of an attack against Aramco, a large Saudi Arabian oil company. Shamoon uploads files to its control servers and typically erases them on the host machine after doing so. The virus also corrupts the master boot record, thereby taking the machine completely out of service.