Stuxnet Malware Research - Recommended Papers

Stuxnet fascinated the world due to its Industrial Control Systems targeting and sophisticated infection capabilities. Recommended papers include Symantec's PLC infection analysis, Mandiant's memory analysis, ESET's detailed examination, Wired's coverage of potential Iran targeting, and Steven Bellovin's weaponized software analysis.

The Stuxnet worm has captured the headlines of many technical and mass-market publications. The world’s fascination with this malware specimen is due, in part, to it targeting of specific Industrial Control Systems and, in part, because of the sophistication of its infection capabilities.

Much has been written about Stuxnet. Here are my favorite 5 papers and articles about this worm:

• Exploring Stuxnet’s PLC Infection Process by Symantec’s Nicolas Falliere
• Stuxnet Memory Analysis and IOC Creation by Mandiant’s Peter Silberman
• Stuxnet Under the Microscope (PDF) by ESET’s Aleksandr Matrosov, Eugene Rodionov, David Harley and Juraj Malcho
• Blockbuster Worm Aimed for Infrastructure, But No Proof Iran Nukes Were Target by Kim Zetter
• Stuxnet: The First Weaponized Software? by Steven Bellovin

Stuxnet makes for a fascinating case study of both the motivation and capabilities of attackers and also the approaches for resisting and responding to infections of this nature in an enterprise environment.

Update 1: Symantec released an excellent paper exploring Stuxnet capabilities that were not yet known to the community (PDF by Nicolas Falliere, Liam Murchu and Eric Chie).

Update 2: Andrew Ruef published an insightful note that questions the conclusions drawn from the analysis of Stuxnet malware.