Stuxnet Includes Expiration Date to Halt Spread of Malware
By: Robert Lemos
Stuxnet is many things: A cyber-weapon, a nation-state attack on Iran's nuclear processing capability, and a computer virus. On Sunday, however, the program ceased its run as a slowly spreading virus.
On Monday, researchers at Kaspersky Labs identified an expiration date-June 24, 2012-within the Stuxnet's code that halted the program from propagating via USB memory sticks. While Stuxnet is not dead, the program has outlived its useful life, says Roel Schouwenberg, senior researcher with Kaspersky.
"The authors decided that this was the end date of the mission," says Schouwenberg.
Stuxnet is the youngest of the three programs identified by security researchers as potential nation-state attempts to create digital weapons to use against rivals. The recently discovered Flame malware appears to be the oldest program, first released perhaps five years ago. While researchers are still analyzing the program's modules, the attack's main goal is stealing information and espionage. Similarly, Duqu, a program released after Flame, also aims to steal information.
Unlike Flame and Duqu, Stuxnet was created to spread on its own so it could infiltrate sensitive networks not usually connected to the Internet.
"Remember here, unlike with Duqu and Flame, Stuxnet was autonomous," Schouwenberg says. "The authors, with Stuxnet, were more aggressive."
While many security experts theorized that Stuxnet was the work of the United States and Israel, the evidence supporting the assertion was almost entirely circumstantial. In a recent book, however, David Sanger of The New York Times reported that sources at the White House had confirmed that Stuxnet was the work of the two countries.
The authors of Stuxnet released the attack in three waves. On June 23, 2009, the program was seeded in certain systems, with two more waves on June 28 and July 7, 2009, according to a Kaspersky Labs analysis. Stuxnet infected Windows systems and, on computers running specific control software from Siemens, infected the control programs for certain industrial equipment, most notably the centrifuges used to refine uranium.