For those of you who do not know, Stuxnet is a computer virus created by the US government and Israel which targeted the hardware used by Iranian nuclear facilities. This piece talks about the ways in which non-governmental virus makers have learned from its success:
Malicious code apparently used by governments to spy on, harass, and sabotage one another has grabbed headlines in recent years, yet the highly targeted nature of such attacks have meant ordinary Web users have so far had little to fear. That may now be changing as some experts say the techniques used in sophisticated, state-backed malware are trickling down to less-skilled programmers who target regular Web users and their online accounts or credit card details.
“Cybercriminals read the news as well,” says Roel Schouwenberg, a security researcher with Russian computer security company Kaspersky. Schouwenberg adds that sophisticated, state-sponsored “cyberweapons and targeted attacks now give us some insight into what will be coming into the mainstream.”
State-sponsored malware became widely known in 2010 with the discovery of Stuxnet, a program targeted at Iranian industrial control systems and believed to have been sponsored by Israel and the United States (see “New Malware Brings Cyberware One Step Closer”). Since then, several other very sophisticated malware packages have been discovered that are also believed to have been made by governments or government contractors. These packages include Duqu, exposed late in 2011, and Flame, found in May 2012.