Stuxnet's kill switch seen as unusual feature

On June 24, local time, the replication routines in Stuxnet malware turned themselves off, effectively halting the spread of the sophisticated cyber weapon, reports GCN.

“The code will still run, but one of the first things it does when it starts running is check the date” of the machine in which it has been installed, said Liam O Murchu, manager of operations for Symantec Security Response. If the date is after June 24, 2012, it no longer copies itself to USB memory sticks, the malware’s preferred means of spreading.

Like so much else in Stuxnet — apparently the first effective weaponized malware and reportedly the product of a U.S. government cyber weapons program — the kill switch is unusual, the story said.

“We don’t see that very often in threats,” O Murchu said. Sometimes it is used in tests of new malware to keep it from spreading and drawing attention to itself, but in a finished product, “it’s very unusual.”

 
