• First known sample

  • Discovery

  • Number of targets

  • Current status

    Inactive since 2009
  • Type

  • Targeted platforms

  • TOP targeted countries

    Germany , Italy , Kazakhstan , Latvia , Lithuania , Poland , Russia , Spain , Ukraine , United Arab Emirates
  • Connected attacks

  • The way of propagation

    Self-replication , USB cables
  • Purpose/Functions

    Cyberespionage , Data wiping
  • Special features
    Ability to scan computers for data, open backdoors, and send data through those backdoors to a remote command and control server
  • Targets

    Diplomatic organizations/embassies , Military
  • Artefacts/Attribution
    Artifacts suggest Russian speaking malware authors
  • Description

    A worm that was originally discovered in 2007 when it was used to infect US military networks via an infected USB flash drive. It can scan computers for data and open backdoors through which to communicate with a remote command and control server. After copying itself from one USB flash drive to another, the worm then spread worldwide, with Russia leading the number of infections.

    Additional information