is a family of multi-component malware that spread via removable drives. To spread, Win32/Stuxnet
exploits a vulnerability resolved with the release of Microsoft Security Bulletin MS10-046
. This vulnerability allows the worm component to automatically execute in vulnerable systems by using specially-crafted, malicious shortcut files.
When executed, a Win32/Stuxnet
worm drops these malicious shortcut files into removable drives. When the drive is accessed using an application that displays shortcut icons (such as Windows Explorer
) on a vulnerable computer, the shortcut file is automatically executed. These malicious shortcut files are detected as Exploit:Win32/CplLnk.A
This malware is capable of dropping and installing other components, injecting code into currently-running processes, and allowing backdoor access and control to the infected computer.
Win32/Stuxnet has several components including:
Analysis by Francis Allan Tan Seng