Wednesday, February 16, 2011

Anonymous Releases Stuxnet Source Code

Fox News reports that an unencrypted version of the Stuxnet worm source code has been released online by the group known as Anonymous. This version was being studied by HBGary Federal and was discovered when Anonymous hacked into their network earlier this month.

For those who don't know the Stuxnet worm was the first computer worm to specifically target SCADA (Supervisory Control and Data Acquisition) systems and also the first known worm to install a rootkit on a PLC (Programmable Logic Controller). It is largely regarded as the most sophisticated piece of computer malware to date. Experts worry that this source code could be studied by attackers to create similar sophisticated attacks.

For a more in-depth look at what Stuxnet is I suggest reading over the Wikipedia entry or watch this youtube video by Semantec demonstrating what Stuxnet does to a PLC.

The decompiled source code can be found here, and for more news and updates on the source code follow @stuxnetsource.

I link to the source because I believe knowledge is for everyone and the more people that can study these types of malware the better off we all are because the more wide spread the knowledge the less powerful it becomes.


  1. But, with the mass amounts of idiots around, the source could could also be used as a prank, or as just simple curiosity. Sure more information on the problem to lead towards a solution, but before hand it might all go down hill.

  2. Great information.

  3. And now Anonymous has the source code...Oops

  4. The "source" is just a dump disassembly showing nothing to noone.

    The stuxnet source would contain the original, commented, c or cpp files and the step7 project (or the resources, where the data modules and function blocks are stored).

  5. Do you think it would be real source code or just generated by IDA?

  6. The source is not the original source code, but disassembled code from IDA, Olly, or a similar program. This is still useful to reverse engineer to find the exploit code used and identifying artifacts of either the family of malware or best case the authors.

    This code is in assembly, so it's more difficult to decipher and it often comes packed (obscured in some way so the real assembly code can't be read by investigators). There are programs that attempt to decompile the malware into C code, but this is generally ugly code that isn't very readable.


Praise me or Flame me, I appreciate the feedback.