Nov 27, 2010Mohit Kumar
TrendLabs has created a STUXNET Scanner Tool to help administrators with clues to determine which computers in their networks are still infected by STUXNET. This tool helps administrators identify infected machines within their own networks even if STUXNET is not communicating as STUXNET installs both server and client components for a Remote Procedure Call in infected computers in order for the
computers to communicate and update each other.
Once installed and run, the tool enumerates live
IP addresses within the internal network and sends spoofed packets similar to the packets sent by known STUXNET variants. Any host infected with STUXNET will respond to this spoofed packet. Through this, network administrators can easily identify which IPs are infected within
the network, thereby helping them perform the necessary actions to isolate and clean the said system.
A good initiative, we must say by the TrendLabs! This is a Windows only tool.
Download the free STUXNET Scanner Tool here
Found this article interesting? Follow us on
Twitter and
LinkedIn to read more exclusive content we post.
