It’s alive! Most people in the cyber security community are all-too-familiar with “Stuxnet” – the infamous worm that used Microsoft Windows vulnerabilities to target an Iranian nuclear program. According to a recent Ars Technic article, one of these bugs is still being exploited even though it was first disclosed and patched way back in 2010. In fact, it continued to be the world’s most exploited vulnerability through 2015 and 2016.
The article breaks down key findings from a new Kaspersky Lab report that details the lingering effects of this nasty bug. According the report, the vulnerability lives in functions that process .LNK files, which Windows uses to display icons whenever a USB stick is connected to a PC. By hiding malign code inside the .LNK file, an infected USB stick can easily deliver its payload even when the computer’s autorun feature is disabled.
Stuxnet’s legacy endures through this vulnerability – even after roughly seven years! The bug’s ability to self-propagate and operate without network connection make it particularly persistent. Outside of targeting Iran, the worm is estimated to have infected 100,000 or more computers worldwide.