LOKESH4884/Memory-Analysis-Stuxnet-Infected-Machine


What is Stuxnet?

Stuxnet is a malicious computer worm that became infamous for its use in the attack on Iranian nuclear facilities. That attack made global news headlines in 2010 when it was first discovered. As Malwarebytes’ Senior Director of Threat Intelligence Jérôme Segura said in his article Stuxnet: new light through old windows, “Very few pieces of malware have garnered the same kind of worldwide attention as Stuxnet.”

Although Stuxnet, as a computer worm, is malicious software, it has been used to attack electro-mechanical equipment. In the major attack in Iran, attackers used Stuxnet to exploit multiple zero-day Windows vulnerabilities, search infected PCs for a connection to the software that controlled the electro-mechanical equipment, and send instructions intended to damage that equipment. While many types of malware infect a computer through the Internet, another distinctive feature of the Stuxnet attack in Iran is that the malware was introduced to the PCs via infected USB drives.

Memory analysis tools can help to identify malicious activity, code, and other evidence in memory dumps.

Volatility can be used during an investigation to link artifacts from the device, network, file system, and registry, and to recover the list of all running processes, active and closed network connections, Windows command prompts that were running, screenshots, and clipboard contents from within the timeframe of the incident.
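As an added example (not code from this repository), the sketch below shows one way to triage the running-process list once it has been exported as text: it parses output in the column layout of Volatility 2's `pslist` plugin and flags system processes that have an unexpected parent or more than one instance. It goes beyond the text above; the sample rows are constructed, and the parent baseline is an assumption that fits Windows XP-era images.

```python
import re
from collections import defaultdict

# Assumed baseline for Windows XP-era images: one instance each, started by winlogon.exe.
EXPECTED_PARENT = {"lsass.exe": "winlogon.exe", "services.exe": "winlogon.exe"}
# A data row: virtual offset, process name, PID, PPID, then the other columns.
ROW = re.compile(r"^0x[0-9a-fA-F]+\s+(.+?)\s+(\d+)\s+(\d+)\s")

# Constructed sample in the pslist column layout; not taken from a real image.
SAMPLE_PSLIST = """\
Offset(V)  Name            PID   PPID   Thds   Hnds   Sess  Wow64
---------- ------------ ------ ------ ------ ------ ------ ------
0x81000010 System            4      0     59    403 ------      0
0x81000020 smss.exe        400      4      3     19 ------      0
0x81000030 csrss.exe       480    400     11    395      0      0
0x81000040 winlogon.exe    500    400     19    570      0      0
0x81000050 services.exe    560    500     21    431      0      0
0x81000060 lsass.exe       572    500     19    342      0      0
0x81000070 svchost.exe     700    560     17    193      0      0
0x81000080 lsass.exe       900    560      2     23      0      0
0x81000090 explorer.exe   1200   1100     33    595      0      0
"""

def parse_pslist(text):
    """Return {pid: (name, ppid)} for every data row of pslist text output."""
    procs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            procs[int(m.group(2))] = (m.group(1), int(m.group(3)))
    return procs

def find_anomalies(procs):
    """Return findings for baseline processes with a wrong parent or extra copies."""
    by_name = defaultdict(list)
    for pid, (name, _ppid) in sorted(procs.items()):
        by_name[name.lower()].append(pid)
    findings = []
    for name, expected in EXPECTED_PARENT.items():
        for pid in by_name[name]:
            ppid = procs[pid][1]
            parent = procs.get(ppid, ("<not listed>", 0))[0]
            if parent.lower() != expected:
                findings.append(f"{name} PID {pid}: parent {parent} (PID {ppid}), expected {expected}")
        if len(by_name[name]) > 1:
            findings.append(f"{name}: {len(by_name[name])} instances {by_name[name]}, expected 1")
    return findings

print("\n".join(find_anomalies(parse_pslist(SAMPLE_PSLIST))))
```

`pslist` walks the active process list, so a process that has been unlinked from that list will not appear in this input; Volatility's `psscan` output covers those.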
