Free Stuxnet Removal Tool From BitDefender
Stuxnet worm was primarily written to target Windows Supervisory Control and Data Acquisition (SCADA) systems used to control and watch industrial processes. It is the first-ever computer worm to include a PLC (programmable logic controllers) rootkit to hide itself and target critical industrial infrastructure. Successful exploitation of this vulnerability results in the injection of a backdoor, as well as the installation of two rootkits that will hide both the .lnk files and the accompanying .tmp files.
Russian digital security company Kaspersky Labs released a statement that described Stuxnet as “a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world. Or, people can simply avoid the danger by not using Microsoft products.” Kevin Hogan, Senior Director of Security Response at Symantec, noted that 60 percent of the infected computers worldwide were in Iran, suggesting its industrial plants were the target. Kaspersky Labs concluded that the attacks could only have been conducted “with nation-state support”, making Iran the first target of real cyber warfare.
Stuxnet attacks Windows systems using four zero-day attacks (including the CPLINK vulnerability and a vulnerability used by the Conficker worm) and targets systems using Siemens’ WinCC/PCS 7 SCADA software. It is initially spread using infected USB flash drives and then uses other exploits to infect other WinCC computers in the network. Once inside the system it uses the default passwords to command the software. Siemens, however, advises against changing the default passwords because it “could impact plant operations.” (via)
Many security vendors have released Stuxnet removal tool and Microsoft has released Stuxnet FixIt tool too. In one of our earlier article “Out-of-band Windows Security Patch to Address Windows Shell Vulnerability,” we have talked about the Microsoft Fix-IT solution, a solution called the G Data LNK Checker to block malicious LNK files, and a Stuxnet Rootkit Remover to clean the infected computers from common Stuxnet variants.
Now, BitDefender has also released a free Stuxnet (Win32.Worm.Stuxnet) removal tool. This tool is capable of removing all known variants of Win32.Worm.Stuxnet, as well as the rootkit drivers that are used to hide critical components of the worm. The tool can be run on both 32-bit and 64-bit Windows operating system installations and will eliminate both the rootkit drivers and the worm.