- The Role Of AI In Cybersecurity – Boon Or Bane?
- Less Than Half Of Cybersecurity Professionals Have A Plan In Place To Deal With IoT Attacks: Study
- Cyberattacks Go Up For Small Businesses Over The Past Year: Study
- Phishing And Credential Stuffing Attacks Remain Top Threat To Financial Services Organizations And Customers: Study
- IT-Based Attacks Increasingly Impacting OT Systems: Study
Windows bug used to spread Stuxnet remains world’s most exploited
By Nisheeth Bhakuni | April 25th, 2017
Code-execution flaw is triggered by plugging a booby-trapped USB into
vulnerable PCs.
One of the Microsoft Windows vulnerabilities used to spread the Stuxnet worm that targeted Iran remained the most widely exploited software bug in 2015 and 2016 even though the bug was patched years earlier, according to a report published by antivirus provider Kaspersky Lab.
The Windows vulnerability was first publicly disclosed in July 2010, a few days before security reporter Brian Krebs was the first to report on the Stuxnet outbreak. The bug resided in functions that process so-called .LNK files that Windows uses to display icons when a USB stick is connected to a PC.
Stuxnet—which New York Times reporter David Sanger said was the product of a joint operation between the US National Security Agency and its counterpart in Israel—took great pains not to spread outside of Iran. That effort famously failed. The worm has infected an estimated 100,000 or more computers around the world, the vast majority of which had nothing to do with Iran’s uranium-enrichment program.
Nisheeth Bhakuni
