Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Comment: Re:Spreading havoc? (Score 2, Informative) 390

by sh0dan (#33735232) Attached to: Stuxnet Worm Claimed To Be Devastating In Iran
The first version of Stuxnet (Stuxnet-A), uses a special "autorun.inf", that has an executable at the beginning of the file (which the autorun.inf parser skips). After the executable the "proper" information for the autorun.inf add another "Open" option for the rightclick menu. Selecting this will execute the content of autorun.inf (the malware). read about it here.

The second version (Stuxnet-B or Stuxnet!lnk), uses the zero-day .lnk file vulnerability, that will automatically execute the content, when you browse the content of the USB stick.

See the links for more detail - it's quite fascinating (also from a technical perspective).

The tree of research must from time to time be refreshed with the blood of bean counters. -- Alan Kay

Working...