What the Stuxnet virus is and why it was so successful

I mean Worm, not Virus.

18 Answers

Anonymous 0 Comments

So, there’s lots of explanations of what Stuxnet was, who likely made it, and what it was for. But for an explanation of how it worked:

Stuxnet was a computer worm, which is a particular kind of virus. You might have heard the term before, but it’s fairly rare because worms are much harder to create than other viruses. The defining feature of a worm is that worms can spread on their own, with no outside assistance. Most viruses require you to do something like download a shady infected file, or run an infected program, or otherwise do something to “activate” the virus. Worms, however, can run *themselves*, and usually in a way that the user doesn’t even notice.

This worm would install itself on any kind of portable storage, such as a flash drive, that was plugged into an infected computer. Once the drive was infected, it would automatically run an infection script to install Stuxnet on any computer that it was plugged into, allowing it to silently spread.

Once Stuxnet was installed onto a machine, it would install a rootkit to ensure it was difficult to remove. Rootkits are another class of virus that are more difficult to create than usual — they are capable of taking complete control of the target machine (in other words, they are a kit to gain “root” access). Once they have root control, they are able to hijack and fool any other software on the machine, including things like antivirus that would otherwise be able to detect and remove the virus.

The final part of Stuxnet was the payload, which is the actual malicious software that it was trying to execute. For Stuxnet, the purpose of the payload was incredibly specialized — it attempted to infect a very specific kind of computer that was used in industrial settings, most notably in Iran’s uranium centrifuges. These machines were not directly connected to the internet, which is why the worm was designed to spread via flash drives. Once Stuxnet detected that it was plugged into one of these target machines, it would deploy its malware payload that would do several things:

1. It would install another rootkit specifically designed to infiltrate a particular model of Siemens industrial equipment connected to a particular kind of industrial motor running at a frequency that pretty much only uranium gas centrifuges operate at.
1. The rootkit would take over control over the motor, while sending fake signals to the control computer to make it look like they were running normally, so that the operators didn’t notice anything wrong with them.
1. The rootkit would then modify the maximum speed of the uranium centrifuges to far, far past the safe limit for 15 minutes, before returning to normal speed. This put stress on the centrifuges and warped them.
1. It would then lay dormant for 27 days, to make detection more difficult.
1. Finally, it would suddenly slow the centrifuges down to much, much lower speeds than they were meant to handle. Combined with the warping caused by the earlier overspeed, this was intended to cause them to catastrophically fail and destroy themselves.

Finally, if Stuxnet did *not* detect any industrial centrifuge equipment, it was designed to silently self-delete on June 24, 2012.

Stuxnet’s design was incredibly complex, used a number of so-called “0-day exploits” (security holes that are not yet known to security researchers, ensuring that no patches for them exist), and was remarkably gentle to all the computers it installed itself on except the targeted industrial centrifuges, causing no lasting harm and eventually deleting itself. All of these factors made it very clear to security researchers that this was almost certainly a virus designed by a nation-state actor specifically to disrupt Iranian uranium processing while causing minimal collateral damage. (It’s generally believed to have come from a joint US-Israeli team of hackers.)
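A constructed Python simulation, added here and not part of the answer above, of the “fake signals to the control computer” pattern in step 2 and the overspeed / dormancy / slowdown cycle in steps 3 to 5, together with the defender’s cross-check it is vulnerable to: an independent speed sensor whose reading does not pass through the controller. All frequencies, the safe band and the tolerance are assumed values, not figures from the answer or from Stuxnet.

```python
from dataclasses import dataclass

# Constructed values for the simulation; not taken from the post or from Stuxnet.
NOMINAL_HZ = 1000.0             # assumed normal drive frequency
SAFE_BAND_HZ = (900.0, 1100.0)  # assumed safe operating window
TOLERANCE_HZ = 20.0             # allowed HMI-vs-sensor disagreement
DORMANT_MIN = 27 * 24 * 60      # 27 days of dormancy, as described in the answer


@dataclass
class Sample:
    t_min: int          # minutes since the payload started
    reported_hz: float  # what the compromised controller tells the HMI
    measured_hz: float  # what an independent sensor (not via the controller) sees


def compromised_controller(t_min: int) -> Sample:
    """Constructed model of the attack cycle in the answer: 15 minutes of
    overspeed, 27 days dormant, then a sudden slowdown, while the operator's
    screen is always shown the nominal value."""
    if t_min < 15:
        actual = 1400.0           # overspeed phase (constructed figure)
    elif t_min < 15 + DORMANT_MIN:
        actual = NOMINAL_HZ       # dormant: the drive genuinely runs normally
    else:
        actual = 2.0              # slowdown phase (constructed figure)
    return Sample(t_min, reported_hz=NOMINAL_HZ, measured_hz=actual)


def check_sample(s: Sample) -> list[str]:
    """Findings for one sample: the physics left the safe band, and/or the
    controller's telemetry disagrees with the independent sensor."""
    findings = []
    lo, hi = SAFE_BAND_HZ
    if not lo <= s.measured_hz <= hi:
        findings.append("OUT_OF_BAND")
    if abs(s.reported_hz - s.measured_hz) > TOLERANCE_HZ:
        findings.append("TELEMETRY_MISMATCH")
    return findings


def audit(samples: list[Sample]) -> dict[int, list[str]]:
    """Map minute-stamp -> findings for every sample that raised one."""
    return {s.t_min: f for s in samples if (f := check_sample(s))}


if __name__ == "__main__":
    probe_times = [0, 14, 15, 1000, 15 + DORMANT_MIN, 16 + DORMANT_MIN]
    for t, f in audit([compromised_controller(t) for t in probe_times]).items():
        print(f"minute {t}: {', '.join(f)}")
```

During the dormant phase the two readings agree and nothing fires, which is why the cross-check has to run continuously rather than as a one-off inspection.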

Anonymous 0 Comments

Stuxnet was a 0 day exploit – meaning the centrifuges’ controlling systems in the plant were infected with the original software release for the centrifuges. Siemens, the manufacturer of the equipment and software, released the exploit with its production installations. The Worm was given to five different companies who were working with Siemens. The worm was introduced into these subcontractors via thumb drives that were plugged into desktops by employees of the subcontractors. Siemens’ internal systems were infected by interfacing with these subcontractors. Stuxnet was successful because it didn’t cripple the machines quickly, and by regulating the centrifuge speed it would cause physical failures in the equipment, and because the failures were mechanical they didn’t look for software exploits for a long time. The exploit was specifically targeted at unique machines used in this plant.

Anonymous 0 Comments

It was successful because it managed to infect isolated (air-gapped) computers. These computers were all completely disconnected from the internet, so there was no way to send the Worm over.

To get around this, USB thumb drives were just dropped in the parking lot with the worm on them. Human curiosity took over.

One of the people working on that isolated network found the drive and plugged it in to see what was on it… and the worm immediately went to work.

The worm itself wasn’t terribly complicated. It just made a spinning thing spin too fast and break. And it really only does that one thing (well, that and spread itself).

If you had Stuxnet on your computer, it really wouldn’t do anything dramatic. But if you were using that computer to control large industrial centrifuges, then Stuxnet would be an issue.
