Oct 15, 2010 17:18 GMT

Security researchers from Symantec warn that a destructive trojan, which wipes all data from the system partition, poses as a Stuxnet removal tool developed by Microsoft.

The Stuxnet worm is considered the most sophisticated piece of malware ever created and is believed to announce a new paradigm shift in malware development.

There's been a lot of speculation about who created Stuxnet and what their intention was, but one thing is clear – the malware has the ability to sabotage systems that monitor and control critical installations at power plants, oil and gas refineries, factories and other industrial facilities.

Its highly complex design and the fact that it exploited not one, but four zero-day vulnerabilities in Windows clearly suggest that it is the work of professionals – probably a team – and not some amateur malware writer.

Considering all the hype that has surrounded Stuxnet since its discovery in July, it's understandable that criminals would want to exploit some of the public interest associated with the threat.

However, the new trojan found by Symantec, which the company has named Trojan.Fadeluxnet, has no apparent monetary motives behind it.

It was being passed around on forums where people discussed Stuxnet clean-up solutions, suggesting that it might target the worm's victims.

It goes by the name "Microsoft Stuxnet Cleaner," in a likely attempt to leverage Microsoft's known active involvement in Stuxnet research.

When executed, it makes registry modifications to prevent exe, mp3, jpg, bmp and gif files from opening. And as if that didn't cripple the system enough, it also starts deleting all files from the system partition.

"The tool will certainly remove Stuxnet if it was on the C drive but it will also take with it any other content including your valuable data," Shunichi Imano, a researcher at Symantec, warns.

Most respectable antivirus programs should have Stuxnet detection and clean-up routines by now, but, if you're looking for a stand-alone tool, BitDefender released one recently.

Please note, however, that inside industrial facilities, where Stuxnet was designed to thrive, infections can be much more complicated and can also involve SCADA project files. In these cases, contracting specialized help is the way to go.