Stuxnet malware is still a major concern for Microsoft. The company has already warned Windows users about the security threat it poses. The vulnerability allows Stuxnet to propagate to new systems through USB drives that have been used in infected machines.
According to Microsoft, the targets of the Stuxnet malware are not ordinary users but industrial companies, such as those that use Siemens' SCADA (supervisory control and data acquisition) software. The majority of the infections were reported in the United States. According to the figures, about 58% of the attacks were reported in the US, followed by 30% in Iran.
Stuxnet was found to spread to a new machine when that machine uses a USB drive previously used in an infected machine. The malware is transmitted through the shortcut files on the infected USB drive. Merely browsing an infected USB drive in Windows Explorer is enough to infect your machine. Stuxnet tricks the Windows operating system into executing its code without the user launching any file. It hijacks the mechanism used to display the icons for .lnk (shortcut) files: when a system tries to render the files on the infected drive as a series of icons, Stuxnet's code runs and infects the system.
The technique used by Stuxnet has so far been used by very few viruses and trojans, but Microsoft is concerned that the number could rise sharply if a solution is not found. Other malware may adopt the same exploit in new variants and create big problems. Microsoft has asked users to download the latest updates for their anti-malware software and keep it up to date. Users are also directed to disable the display of icons for shortcuts and to disable the WebClient service.
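An administrator can confirm that both workarounds are in place on a machine with a read-only check such as the following. This is an added example, not Microsoft's own script. It assumes the shortcut icon handler is registered under HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler (the standard Windows shell location, which this article does not spell out), and the function names are hypothetical.

```powershell
# Added example: read-only audit of the two workarounds described above.
# Assumption: the .lnk icon handler lives at
#   HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler
# Nothing is modified; the script only reports state.

function Test-ShortcutIconHandlerDisabled {
    param([string]$Class = 'lnkfile')
    $path = "Registry::HKEY_CLASSES_ROOT\$Class\shellex\IconHandler"
    # No key at all means no handler is registered to render shortcut icons.
    if (-not (Test-Path -LiteralPath $path)) { return $true }
    # The workaround blanks the key's (Default) value; a CLSID here means
    # the shell will still load the icon handler for .lnk files.
    $default = (Get-Item -LiteralPath $path).GetValue('')
    return [string]::IsNullOrEmpty([string]$default)
}

function Test-WebClientDisabled {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    # Service not installed: nothing to disable.
    if ($null -eq $svc) { return $true }
    # Disabled start mode alone is not enough if the service is still running
    # from before the change, so check both.
    return ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
}

# One result object per machine, suitable for Export-Csv or remote collection.
[pscustomobject]@{
    Computer               = $env:COMPUTERNAME
    LnkIconHandlerDisabled = Test-ShortcutIconHandlerDisabled -Class 'lnkfile'
    WebClientDisabled      = Test-WebClientDisabled
}
```

A `False` in either column means that workaround has not been applied, or has been reverted, on that machine.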
An interesting finding from the Microsoft team's research is that this malware family uses digitally signed device drivers, made to appear as if they came from the hardware vendor Realtek Semiconductor Corp. Although the vendor's digital certificate has been revoked, it is a serious concern for Microsoft that the malware's author had easy access to the private key issued to a trusted device driver vendor. Device driver code has access to the hardware and the operating system at a lower level than normal application code, and that access is controlled by digital certificates. The severity of the threat is clear: Stuxnet can execute its code as a trusted device driver. It is important that Microsoft works out a quick solution to the vulnerability; otherwise it could pose a considerable risk to millions of machines across the world, and the malware could interfere with critical infrastructure applications.