Stuxnet's kill switch seen as unusual feature
- By Defense Systems Staff
- Jun 29, 2012
On June 24, local time, the replication routines in Stuxnet malware turned themselves off, effectively halting the spread of the sophisticated cyber weapon, reports GCN.
“The code will still run, but one of the first things it does when it starts running is check the date” of the machine in which it has been installed, said Liam O Murchu, manager of operations for Symantec Security Response. If the date is after June 24, 2012, it no longer copies itself to USB memory sticks, the malware’s preferred means of spreading.
Like so much else in Stuxnet — apparently the first effective weaponized malware and reportedly the product of a U.S. government cyber weapons program — the kill switch is unusual, the story said.
“We don’t see that very often in threats,” O Murchu said. Sometimes it is used in tests of new malware to keep it from spreading and drawing attention to itself, but in a finished product, “it’s very unusual.”