Stuxnet removal tool is malware too

W32 Stuxnet is a virus that first appeared earlier this year and has gained a fair share of infamy and media attention for its alleged attacks on industrial installations, the most publicized being a nuclear power plant in Iran.

The virus works by first infecting a computer running the Windows operating system. Programmers in commercial environments – say an assembly line – use these computers to upload code to devices known as Programmable Logic Controllers or PLCs. The problem comes when the Stuxnet virus hijacks this uploaded code and from then on resides in the PLC itself where it can alter the function of these devices.

Unfortunately, we’re not talking about a robot making incorrect welds on a Ford F-150, though that would be bad. Much worse is the theoretical threat that Symantec has outlined in one of their blogs about Stuxnet. They detail an event that took place when malicious code infected the PLC governing the operation of a pipeline:

Code was secretly “Trojanized” to function properly and only some time after installation instruct the host system to increase the pipeline’s pressure beyond its capacity. This resulted in a three kiloton explosion, about 1/5 the size of the Hiroshima bomb.

Though this incident was not caused by Stuxnet, Symantec is pointing out the way in which it could be used, which is why Stuxnet has been labeled by some as the first “cyber super weapon”.

Needless to say, there are a lot of panicky people out there who are anxious to rid themselves of this virus, even if they aren’t in the business of programming PLCs. But Symantec has a warning for anyone out there looking for a quick fix: the cure may be worse than the virus.

Apparently there is a tool circulating on the web right now – mainly in forums that discuss the Stuxnet virus – that promises to get rid of Stuxnet for you, and even claims to be from Microsoft. Neither could be further from the truth.

Well, almost. The supposedly helpful “tool” will rid your PC of Stuxnet if you have it, but it doesn’t discriminate one type of file from another and within a few minutes of running the program, your entire C drive is wiped clean. Stuxnet is gone. And so is everything else.

Typically Microsoft does not issue removal tools for individual security threats like Stuxnet, instead relying on a single Malicious Software Removal Tool, which is updated regularly to identify and remove a whole list of nasty bugs, including Stuxnet.

If you think you are already infected, running this tool should take care of it for you. If you haven’t been infected, but are concerned that you might be vulnerable, here are some suggestions:

  • Install and then regularly update an anti-virus tool such as Norton, Bell Internet Security or the freely available AVG.
  • Turn on Microsoft Windows Update and make sure you install all recommended updates. The most recent update, released on Tuesday, fixes the hole in Windows that allows Stuxnet to do its damage.
  • Surf with caution: Avoid links in emails from people you don’t know. Be wary when using file sharing services. Never open attachments that you weren’t expecting.


  1. François

    Before you cross the street, look both ways. So apply the same logic before going to a site or downloading. Do not install phone apps when you do not know what they do in the background. And only trust the major players to keep the computer clean through good software. For sure, check the Symantec website for the best advice, or one of the major companies for help.

    It amazes me how many people get caught when the warnings are in front of their faces all the time. Many articles and papers talk about self-vigilance for computer safety.

    I am surprised nobody commented. Merci Simon for the reminder to keep safety in mind. Sorry I practise my English on you.

