Home / malware Trojan:Win32/Stuxnet.A
First posted on 31 July 2010.
Source: SecurityHomeAliases :
Trojan:Win32/Stuxnet.A is also known as Worm.Win32.Stuxnet.a (Kaspersky), W32/Stuxnet.A (Norman), Worm/Stuxnet.A.6 (Avira), Win32.Worm.Stuxnet.B (BitDefender), Trojan.Stuxnet.1 (Dr.Web), Win32/Stuxnet.C (ESET), Worm.Win32.Stuxnet (Ikarus), Stuxnet (McAfee), W32/Stuxnet-E (Sophos), WORM_STUXNET.AB (Trend Micro).
Explanation :
Trojan:Win32/Stuxnet.A is a malware component of the Stuxnet worm. It monitors the activities between a legitimate application and a legitimate DLL file, possibly to steal information.
Top
Trojan:Win32/Stuxnet.A is a malware component of the Stuxnet worm. It arrives in the computer as the following file:s7otbxdx.dll The malware file itself is a wrapper over the legitimate DLL file "s7otbxsx.dll", which is a part of the Siemens Simatic S7 PLC (an automation system based on Programmable Logic Computers) software package. Trojan:Win32/Stuxnet.A intercepts transmission between a legitimate application and the legitimate DLL file. To do this, it hooks the functions exported by "s7otbxsx.dll". Trojan:Win32/Stuxnet.A monitors the following functions, possibly to steal or hide sensitive information: s7_event s7ag_bub_cycl_read_create s7ag_bub_read_var s7ag_bub_read_var_seg s7ag_bub_write_var s7ag_bub_write_var_seg s7ag_link_in s7ag_read_szl s7ag_test s7blk_delete s7blk_findfirst s7blk_findnext s7blk_read s7blk_write s7db_close s7db_open
Analysis by Daniel RaduLast update 31 July 2010