Stuxnet Comes with Realtek

Be aware when downloading or opening a file in USB drives, as a driver that is signed by Realtek Corporation. Stuxnet, one of the dangerous rootkit that has multi-attacking capability, has been attacking SCADA systems with a known vulnerability. It has started attacking mobiles as well. The nature it has attached to the Realtek Semi conductor corporation is making many companies to think about removing their Certificates as their softwares are becoming unusable.



Stuxnet creates two drivers on the compromised machine, called mrxcls.sys and mrxnet.sys. The drivers are used to mask the malware on both the USB drive and the infected PC. Those two drivers are signed using the certificate of Realtek. The program doesn't seem to do anything else malicious after it's on a new machine, except for copying its file to another USB attached to the PC.
Even the Certificate Issuer VeriSign has verified it and given it as a good driver to be downloaded.

This Trojan has been detected by a company called VirusBlokAda for the first time in Mid June 2010. Digitally signed drivers are legitimate components of the software on a USB drive that have characteristics of a rootkit.

Posted in: PC Support,Sality attacks Realtek,Sality virus Symptoms,Technical Support,TechSupp 247