What the Stuxnet virus is and why it was so successful


I mean Worm not Virus


18 Answers

Anonymous

So, there are lots of explanations of what Stuxnet was, who likely made it, and what it was for. But for an explanation of how it worked:

Stuxnet was a computer worm, which is a particular kind of virus. You might have heard the term before, but it’s fairly rare because worms are much harder to create than other viruses. The defining feature of a worm is that worms can spread on their own, with no outside assistance. Most viruses require you to do something like download a shady infected file, or run an infected program, or otherwise do something to “activate” the virus. Worms, however, can run *themselves*, and usually in a way that the user doesn’t even notice.

This worm would install itself on any kind of portable storage, such as a flash drive, that was plugged into an infected computer. Once the drive was infected, it would automatically run an infection script to install Stuxnet on any computer that it was plugged into, allowing it to silently spread.

Once Stuxnet was installed onto a machine, it would install a rootkit to ensure it was difficult to remove. Rootkits are another class of virus that are more difficult to create than usual — they are capable of taking complete control of the target machine (in other words, they are a kit to gain “root” access). Once they have root control, they are able to hijack and fool any other software on the machine, including things like antivirus that would otherwise be able to detect and remove the virus.

The final part of Stuxnet was the payload, which is the actual malicious software that it was trying to execute. For Stuxnet, the purpose of the payload was incredibly specialized — it attempted to infect a very specific kind of computer that was used in industrial settings, most notably in Iran’s uranium centrifuges. These machines were not directly connected to the internet, which is why the worm was designed to spread via flash drives. Once Stuxnet detected that it was plugged into one of these target machines, it would deploy its malware payload that would do several things:

1. It would install another rootkit specifically designed to infiltrate a particular model of Siemens industrial equipment connected to a particular kind of industrial motor running at a frequency that pretty much only uranium gas centrifuges operate at.
1. The rootkit would take control of the motor, while sending fake signals to the control computer to make it look like it was running normally, so that the operators didn’t notice anything wrong.
1. The rootkit would then modify the maximum speed of the uranium centrifuges to far, far past the safe limit for 15 minutes, before returning to normal speed. This put stress on the centrifuges and warped them.
1. It would then lay dormant for 27 days, to make detection more difficult.
1. Finally, it would suddenly slow the centrifuges down to much, much lower speeds than they were meant to handle. Combined with the warping caused by the earlier overspeed, this was intended to cause them to catastrophically fail and destroy themselves.

Finally, if Stuxnet did *not* detect any industrial centrifuge equipment, it was designed to silently self-delete on June 24, 2012.

Stuxnet’s design was incredibly complex, used a number of so-called “0-day exploits” (security holes that are not yet known to security researchers, ensuring that no patches for them exist), and was remarkably gentle to all the computers it installed itself on except the targeted industrial centrifuges, causing no lasting harm and eventually deleting itself. All of these factors made it very clear to security researchers that this was almost certainly a virus designed by a nation-state actor specifically to disrupt Iranian uranium processing while causing minimal collateral damage. (It’s generally believed to have come from a joint US-Israeli team of hackers.)
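The sabotage cycle described in the answer above (check that the drive is really a centrifuge, overspeed for 15 minutes while reporting normal values, lie dormant for 27 days, then underspeed, plus the June 24, 2012 self-delete when no target is found) is the kind of logic that is easiest to understand as a state machine. Below is an added toy model in Python; it is not Stuxnet’s own code, which ran on Siemens S7 PLCs, and not from the original answer. The 15-minute and 27-day timings and the kill date are taken from the answer; the frequency band used to fingerprint a centrifuge, the specific Hz values, the underspeed duration and every class and function name (`Drive`, `Implant`, `independent_check`, `run_cycle`) are assumptions chosen to make the model readable. The model also adds the defender’s side: an out-of-band comparison of what the supervisory screen shows against an independent measurement, which is the standard answer to the “fake signals to the control computer” trick.

```python
"""Toy state-machine model of the Stuxnet sabotage cycle described above.

Added example, not Stuxnet's code. Timings marked 'from the answer' come
from the text; everything marked ASSUMED is illustrative only.
"""
from dataclasses import dataclass, field
from datetime import date, datetime, timedelta
from enum import Enum, auto

KILL_DATE = date(2012, 6, 24)              # from the answer

TARGET_BAND_HZ = (800.0, 1200.0)           # ASSUMED: "a frequency only centrifuges run at"
NORMAL_HZ = 1000.0                         # ASSUMED normal drive frequency
OVERSPEED_HZ = 1400.0                      # ASSUMED "far past the safe limit"
UNDERSPEED_HZ = 2.0                        # ASSUMED "much lower than they were meant to handle"

OVERSPEED_FOR = timedelta(minutes=15)      # from the answer
DORMANT_FOR = timedelta(days=27)           # from the answer
UNDERSPEED_FOR = timedelta(minutes=50)     # ASSUMED; the answer gives no duration


class Phase(Enum):
    RECON = auto()        # watching: is this drive a centrifuge motor?
    OVERSPEED = auto()
    DORMANT = auto()
    UNDERSPEED = auto()
    DONE = auto()


@dataclass
class Drive:
    """A frequency converter: what it really outputs vs. what it reports upward."""
    actual_hz: float = NORMAL_HZ
    reported_hz: float = field(init=False)

    def __post_init__(self):
        self.reported_hz = self.actual_hz   # honest until the implant intervenes


def is_target(observed_hz: float) -> bool:
    """Target fingerprint: motor frequency inside the (assumed) centrifuge band."""
    lo, hi = TARGET_BAND_HZ
    return lo <= observed_hz <= hi


def should_self_delete(today: date) -> bool:
    """Kill switch from the answer: on or after the date, remove itself."""
    return today >= KILL_DATE


class Implant:
    """The sabotage state machine. Time is injected so a test can fast-forward."""

    def __init__(self, drive: Drive, start: datetime):
        self.drive = drive
        self.phase = Phase.RECON
        self.phase_started = start
        self.last_good_hz = drive.actual_hz  # recorded so it can be replayed to the HMI

    def tick(self, now: datetime) -> Phase:
        elapsed = now - self.phase_started
        if self.phase is Phase.RECON:
            if is_target(self.drive.actual_hz):
                self.last_good_hz = self.drive.actual_hz
                self._enter(Phase.OVERSPEED, now, OVERSPEED_HZ)
            elif should_self_delete(now.date()):
                self.phase = Phase.DONE      # no target found by the kill date: go away
        elif self.phase is Phase.OVERSPEED and elapsed >= OVERSPEED_FOR:
            self._enter(Phase.DORMANT, now, self.last_good_hz)
        elif self.phase is Phase.DORMANT and elapsed >= DORMANT_FOR:
            self._enter(Phase.UNDERSPEED, now, UNDERSPEED_HZ)
        elif self.phase is Phase.UNDERSPEED and elapsed >= UNDERSPEED_FOR:
            self._enter(Phase.DONE, now, self.last_good_hz)
        return self.phase

    def _enter(self, phase: Phase, now: datetime, set_hz: float) -> None:
        self.phase, self.phase_started = phase, now
        self.drive.actual_hz = set_hz
        self.drive.reported_hz = self.last_good_hz   # the HMI keeps seeing "normal"


def independent_check(drive: Drive, tolerance_hz: float = 5.0) -> bool:
    """Defender side: compare the HMI value with an out-of-band measurement
    (a power or vibration sensor the PLC cannot rewrite). Here the out-of-band
    reading is drive.actual_hz. True means the spoofing is visible."""
    return abs(drive.actual_hz - drive.reported_hz) > tolerance_hz


def run_cycle(start: datetime, actual_hz: float = NORMAL_HZ,
              step: timedelta = timedelta(minutes=1)) -> list:
    """Step the clock until the cycle ends; return one tuple per phase change:
    (phase name, actual Hz, reported Hz, out-of-band alarm raised?)."""
    drive, implant, now = Drive(actual_hz), None, start
    implant = Implant(drive, start)
    log = [(Phase.RECON.name, drive.actual_hz, drive.reported_hz, independent_check(drive))]
    seen = Phase.RECON
    while True:
        phase = implant.tick(now)
        if phase is not seen:
            log.append((phase.name, drive.actual_hz, drive.reported_hz, independent_check(drive)))
            seen = phase
        if phase is Phase.DONE or (phase is Phase.RECON and now - start > 10 * step):
            break   # a non-target drive just stays in RECON; stop after a few ticks
        now += step
    return log


if __name__ == "__main__":
    for entry in run_cycle(datetime(2010, 1, 1)):
        print(entry)
```

The point the run makes: during the two destructive phases the reported value never moves, so an operator watching only the HMI sees nothing, while the out-of-band comparison flags both of them. The same structure (fingerprint the target, act, replay recorded “good” readings) is why monitoring that trusts the controller’s own telemetry cannot detect this class of attack.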
