Stuxnet is one of the most famous computer worms. It was discovered several years ago, in the middle of 2010. When Stuxnet was first noticed, it was targeting the Iranian nuclear facility in an attempt to damage the country’s uranium enrichment program and prevent President Mahmoud Ahmadinejad from building a nuclear weapon.


This is not a typical worm - instead of trying to steal credit card details, passwords or other sensitive information, Stuxnet is launched against industrial systems. It causes the centrifuges to self-destruct, creating lots of damage. According to security experts, this threat had great potential to be used for physical destruction.

It seems that the attackers designed this worm with great care so that it would not hit computers and networks that do not meet specific configurations. According to some security experts, it is also set to apply some self-protection measures, such as erasing itself on June 24, 2012, and similar. The way targets get infected with Stuxnet is really unprecedented - this virus has already used four zero-day vulnerabilities. In addition, this virus, half a megabyte in size, can also infect systems through removable drives, such as USB drives or similar.

Iranian officials have found that an antivirus, or at least a fake copy that was perceived to be the real antivirus, Siemens SCADA, was supplying Stuxnet with updates and code instead of detecting it and erasing it from the user's computer.

At the end of 2011, security experts noticed a new threat (Duqu) that seems to have been created from the same code base as Stuxnet. However, despite having an almost identical code base, this virus seems to have been released for a completely different reason than its predecessor – it seems to be designed for information theft.


Siemens has released a detection and removal tool for Stuxnet. Siemens recommends contacting customer support if an infection is detected and advises installing Microsoft updates for security vulnerabilities and prohibiting the use of third-party USB flash drives. Siemens also advises immediately upgrading password access codes.

The worm's ability to reprogram external PLCs may complicate the removal procedure. Symantec's Liam O'Murchu warns that fixing Windows systems may not completely solve the infection; a thorough audit of PLCs may be necessary. Despite speculation that incorrect removal of the worm could cause damage, Siemens reports that in the first four months since discovery, the malware was successfully removed from the systems of 22 customers without any adverse impact.

Other Viruses in the Stuxnet family




