Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Stuxnet reached its target via the networks of trusted business partners

Tim Greene | Nov. 13, 2014
Early versions of the malware seemed dedicated to intelligence gathering, later versions to attacking.

Kaspersky was able to deduce the five companies victimized by Stuxnet because the malware logs the names and addresses of the machines it infects, and the names included clues that led to the names. For example, the name APPLSERVER NEDA was logged for a machine infected July 7, 2009, which likely meant it was an application server within Neda Industrial Group.

Coincidentally, one of the compromised machines at Foolad was named KASPERSKY ISIE. "When we first saw the computer's name, we were very much surprised," says Kaspersky's Gostev. "The name could mean that the initial infection affected some server named after our anti-malware solution installed on the machine."

 

Previous Page  1  2 

Sign up for Computerworld eNewsletters.