Stuxnet has been troubling the world of cyber-security for over two years now. It is the most sophisticated worm ever written, and has been tailored to attack particular infrastructures, making it the deadliest cyber-weapon of the early 21st century. Now that it has been discovered and studied thoroughly (thanks to Symantec), many interesting facts have come to light, which will help deal with such attacks in the future. However, the more people try to understand Stuxnet, the more it surprises them.
Recently, the earliest version of Stuxnet was discovered and christened Stuxnet 0.5. Stuxnet 0.5 reveals how this dreaded worm evolved over the years. While still aimed at nuclear power plant infrastructures, Stuxnet 0.5 behaved quite differently. Help Net Security writes:
"Unlike Stuxnet versions 1.x that disrupted the functioning of the uranium enrichment plant by making centrifuges spin too fast or too slow, this one was meant to do so by closing valves."
Apparently, Stuxnet 0.5 did not meet the developers’ expectations (or perhaps ambitions), and it was developed further to attack centrifuges. However, the two versions were built on different development frameworks, Flamer for version 0.5 and Tilded for version 1.x, suggesting that a different set of developers was involved in each. Moreover, Stuxnet 0.5 was not designed to spread efficiently either. The most interesting part of the code, though, was the part that stopped Stuxnet 0.5 from contacting its command and control center from January 11, 2009 onward, and from functioning at all beyond July 4, 2009.
Check out this YouTube video for a quick overview of Stuxnet and its attack patterns.
Symantec explains Stuxnet 0.5 in great detail in this whitepaper [link to PDF].