Stuxnet is a Trojan, not a worm

There's been a lot of buzz lately about malware (malicious software) called Stuxnet. It was first thought to mainly target WinCC (runs on Microsoft Windows), the supervisory control and data acquisition system by Siemens which controls valves, pipelines, and industrial equipment. The malware infects a computer via USB sticks and shared folders. Reports now say that Stuxnet's real aim is to sabotage the frequency converters in Iran's gas centrifuge plants, which turn uranium into atomic-bomb-grade fuel. The malware is thought to ramp-up the electrical current that supplies centrifuges until they spin so fast they fly apart.

That said, the mainstream news media keeps refering to Stuxnet as a worm. But Stuxnet is actually a Trojan, not a worm. While the words Trojan, worm, and virus are often used interchangeably, they are not exactly the same.

A computer virus is usually attached to an executable file, which doesn't actually affect a computer unless a human runs or opens the malicious program. People usually unknowingly spread a virus via emails with viruses as attachments.

A worm is usually considered a type of a virus, but it has the capability to travel without human action. It can self-replicate, meaning your computer might send out thousands of copies of itself, for example, to everyone in your email address book. Eventually, the worm uses so much system memory that individual computers, Web servers, and network servers crash.

And a Trojan is a harmful piece of software that looks legitimate, thus its name. Users are typically tricked into loading and executing a Trojan. Trojans can perform lots of dirty tricks: They can modify or delete files; let outsiders monitor your keystrokes; and let bad guys retrieve passwords or credit card information. Unlike viruses and worms, Trojans do not self-replicate.

Discuss this Blog Entry 0

Post new comment
or to use your Machine Design ID
Blog Archive
Connect With Us