One of the Microsoft Windows vulnerabilities used to spread the Stuxnet worm that targeted Iran remained the most widely exploited software bug in 2015 and 2016 even though the bug was patched years earlier, according to a report published by antivirus provider Kaspersky Lab.
The Windows vulnerability was first publicly disclosed in July 2010, a few days before security reporter Brian Krebs was the first to report on the Stuxnet outbreak. The bug resided in functions that process so-called .LNK files that Windows uses to display icons when a USB stick is connected to a PC.
Stuxnet—which New York Times reporter David Sanger said was the product of a joint operation between the US National Security Agency and its counterpart in Israel—took great pains not to spread outside of Iran. That effort famously failed. The worm has infected an estimated 100,000 or more computers around the world, the vast majority of which had nothing to do with Iran’s uranium-enrichment program.
