Stuxnet Worm Detection (uncredentialed check)

Critical Nessus Plugin ID 50658

Synopsis

The remote host seems to be infected by a variant of the Stuxnet worm.

Description

The remote host seems to be infected by the Stuxnet worm. This worm has several capabilities that allow an attacker to execute arbitrary code on the remote operating system.

The remote host might also be attempting to propagate the worm to third party hosts.

Solution

Update the host's antivirus and perform a full scan of the remote operating system.

See Also

http://www.nessus.org/u?84b6fa4b

http://www.nessus.org/u?0ede0219

Plugin Details

Severity: Critical

ID: 50658

File Name: stuxnet_detect_nocreds.nbin

Version: $Revision: 1.36 $

Type: remote

Family: Backdoors

Published: 2010/11/18

Modified: 2016/11/14

Dependencies: 10150, 10394, 11011

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

Excluded KB Items: SMB/not_windows