Follow:

 

Win32/Stuxnet


Microsoft security software detects and removes this threat.
 
This family of threats can install other malware, inject code in processes, and give a hacker backdoor access and control of your PC.
 
The family can spread via removable drives, such as USB flash drives. 
 
Win32/Stuxnet exploits a vulnerability that is discussed in Microsoft Security Bulletin MS10-046.


What to do now

The following Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

Additional recovery instructions
This threat exploits a vulnerability discussed in Microsoft Security Bulletin MS10-046. Make sure that you install the updates available from Microsoft so that your software is no longer affected.

Threat behavior

Win32/Stuxnet is a family of multi-component malware that spread via removable drives. To spread, Win32/Stuxnet exploits a vulnerability resolved with the release of Microsoft Security Bulletin MS10-046. This vulnerability allows the worm component to automatically execute in vulnerable systems by using specially-crafted, malicious shortcut files.
 
When executed, a Win32/Stuxnet worm drops these malicious shortcut files into removable drives. When the drive is accessed using an application that displays shortcut icons (such as Windows Explorer) on a vulnerable computer, the shortcut file is automatically executed. These malicious shortcut files are detected as Exploit:Win32/CplLnk.A.
 
This malware is capable of dropping and installing other components, injecting code into currently-running processes, and allowing backdoor access and control to the infected computer.
 
Win32/Stuxnet has several components including:
 
 
Analysis by Francis Allan Tan Seng

Prevention


Alert level: Severe
This entry was first published on: Aug 05, 2010
This entry was updated on: Feb 26, 2014

This threat is also detected as:
  • Stuxnet (other)