Three things you need to know about Stuxnet malware

Anyone with a working knowledge of computers and the Internet knows of malware — a catch-all term for software that attacks a computer’s systems, like a virus or Trojan Horse.

These kinds of software pose a real threat to your personal security. There are risks of losing your data, compromising your banking information or losing your hard drive altogether if malware makes its way into your PC’s vital systems.

Now imagine computer malware so dangerous that it works its way into a country’s nuclear facilities, spying and attacking digital infrastructure on an industrial scale.

The bad news? That kind of malware already exists.

It’s called Stuxnet — an extremely sophisticated computer worm that spreads indiscriminately across targeted networks.

The virus is alleged to have been created by American and Israeli intelligence services to attack software and equipment that runs Iran’s nuclear program. Stuxnet’s origins have been shrouded in mystery, yet this week, news emerged that the malware — originally believed to have been deployed against Iran back in 2009 — was released against Iran as early as 2007. Further, new evidence has been uncovered that an early version of the malware was deployed into the wild as far back as 2005, most likely from the United States.

Symantec, the U.S.-based computer security firm that reverse-engineered Stuxnet to learn more about it, is reported to have found a ‘missing link’ to the date the virus was first deployed to sabotage Iranian nuclear plants.

There are a lot of reasons to be both fascinated and concerned about Stuxnet. The release of Stuxnet against Iran was a very public declaration that we’ve entered a new, very dangerous era in international relations: cyberwarfare.

As with any new technology, there’s much that we don't know about the capabilities of an entity like Stuxnet. While we may know the risks posed by malware on our own PCs, the risks of software that some might call a digital Weapon of Mass Destruction (WMD) like Stuxnet remain more of a mystery. Here are some of the key things you should know about a malware program like Stuxnet:

There’s no international treaty against the use of cyber weapons, so everything is currently fair game

Unlike WMDs that have immediate destructive power against human life, there’s no global agreement on the regulation of cyber weapons. This is entirely new, uncharted territory for countries in the business of war.

As was reported in the New York Times last year, cyber weapon development is not bound by any international legal treaty. Since cyber weapons are still a relatively new technology compared to, say, a nuclear warhead, there are real fears in some quarters that this kind of weapon — a technology that can do things ranging from taking over a laptop remotely to disabling power plants — will usher in a new dimension to international terrorism.

The Times' piece makes this disturbing issue very clear:

During the cold war, countries’ chief assets were missiles with nuclear warheads. Generally their number and location was common knowledge, as was the damage they could inflict and how long it would take them to inflict it.

Advanced cyberwar is different: a country’s assets lie as much in the weaknesses of enemy computer defenses as in the power of the weapons it possesses. So in order to assess one’s own capability, there is a strong temptation to penetrate the enemy’s systems before a conflict erupts.

Stuxnet is no ordinary piece of malware -- it's incredibly hard to catch and stop

The technical aspects of Stuxnet are relatively complex, but here's a primer on what Stuxnet is and the consequences of it:

In a nutshell, the Stuxnet software is a lot like a smart bomb; it has a specific target selected and exploits the weaknesses of a system it already has working knowledge of. Spreading through flaws in Microsoft Windows via USB memory sticks, Stuxnet's deceptive qualities make it difficult to tell not only who is being targeted, but why.

In the case of Iran, the Stuxnet virus was designed to seek out the weak spots of Siemens industrial equipment that runs nuclear centrifuges. More alarmingly, Stuxnet was not clearly identified as an intruder in the systems running Iran's nuclear systems. This makes Stuxnet extremely dangerous, given that so many of the world's industrial software systems run on Siemens equipment.

Stuxnet may be a harbinger of a 'cyber Pearl Harbour'

When most people think of a WMD, they think about nightmare scenarios involving a mushroom cloud where New York City used to be or a smallpox pandemic being unleashed onto a population by a bio-terrorist group. All of these scenarios are hypothetically possible, yet none of them has as much immediate potential for occurring as a cyber terrorist attack.

According to Dell Inc.'s chief security officer, John McClurg, it isn't just big nations that are regularly engaging in organized, complex acts of cyberwarfare against countries. Extra-national actors, ranging from criminal gangs to terrorist groups, are going after American targets with increasing frequency.

The consequences of Stuxnet are clear: as the first public indication of cyberwar by one nation against another, it's impossible to tell at this point what the blow-back will be to the American people. Yet one thing is clear: a cyber weapon like Stuxnet has, if properly deployed, the capability to disrupt a huge number of public services that are all connected to the Internet.

One possible scenario could involve the deployment of malware that quickly spreads from one central location, infecting computers worldwide and taking down thousands of servers that run the Internet.

While it is impossible to predict what will happen, Stuxnet's emergence — and our increasing dependence on the Internet in every way — means that our digital infrastructure may become a more tempting target for terrorists looking to disrupt our daily lives.
