Kaspersky: Stuxnet leak is still being actively exploited

The leak that was used to attack Iranian nuclear facilities more than four years ago is still being actively exploited. That’s according to Kaspersky statistics. Windows XP users in particular are still often attacked.

Between November and June, Kaspersky detected 50 million attempts to install malware using the Stuxnet vulnerability through its security software, which sends statistics back to Kaspersky servers. That happened on 19 million unique PCs, according to a report released by Kaspersky.

The vulnerability was found in July 2010 and exploits a vulnerability in the way Windows handles shortcuts. This made it possible to install malware. The leak was exploited by Stuxnet, a worm that targeted Iranian nuclear facilities and comes from the US government, according to The New York Times.

The leak was already closed in the fall of 2010; that makes it all the more remarkable that attackers are still trying to exploit the vulnerability. The majority of attempts to exploit the vulnerability – 64.19 percent – take place on Windows XP. Users from Vietnam, India and Indonesia are most often attacked.

Kaspersky’s report further reveals that just five different bugs are responsible for 90 percent of infection attempts. This largely concerns bugs that were fixed years ago; the most recent leak is from 2013, the rest from previous years. These include a bug in Word, a vulnerability in Silverlight, and a flaw in the way Windows handles TrueType fonts.