Here is a Guardian article with some excellent information;
http://www.guardian.co.uk/technology/2012/aug/09/stuxnet-gauss-virus-kaspersky

Kaspersky is still actively working on figuring out the payload, and strangly they are asking for assistance.

https://www.securelist.com/en/blog/208193781/The_Mystery_of_the_Encrypted_Gauss_Payload

If you have the interest and capabilities you can contact them at the above site and get involved. Very very interesting just to get caught up on the current suspicions of what they think is going on.

It says its from paypai.com depending on your font the i will look like a L.

The exe looks like it has been reused but I don’t see any mention of it’s original file name. The original name appears to have been stickiestfilm.exe md5 42bbb627d3bcc12745e8a6fbd4b2c825.

It also appears to have been used in several other campaigns according to it’s technical data.

https://www.virustotal.com/file/a9cbb0ac7ce189f4340fd23f295b118b28d74709c47205fed58c464e0ffcd942/analysis/

So far the only behavior I have seen is that it opens a command shell on local port 8000 TCP and awaits incoming connections. I did not see it send any out bound packets of yet.

Next is some source analysis.

http://www.techworld.com.au/article/376509/nsw_ambulance_computers_coming_back_online/

If someone got injured or killed I would hope that if they could find who created the malware and that they would be charged with man slaughter.  When this software is created I don’t think that the authors are actually thinking that someone could be seriously hurt by it, but saying that they know what they are doing is wrong in the first place.  Also I know that an author of malware will say that its not their fault, and that the administrators of the network should do a better job defending the network.  That is just like breaking into houses and saying its not your fault they should have an alarm and better door lock, OR you could not break in to the home in the first place.

Two command and control servers, both were gone with-in 24 hours of the worms discovery.

During the initial release of the information the sites carrying the information came under a denial of service attack for 24 hours so who every was running the network had time to clean up.

So with all of this, I think who ever ran this got what they wanted out of it, more time would have been great. You can’t expect it not to be found and I think 24 months is a pretty good run for something like this, so 18 out of 24 is not bad at all.

Is this the first time weaponized software has been used?
I can’t think that is true at all, sure it’s the first time it’s been found but I would think something previously developed could be remotely wiped to try and avoid study and detection.

What is known is that stuxnet has the ability to jump between machines using removable media. If you read in to that, it makes you think that what ever it was targeting was something not connected to the internet. This can leave a short list of possible targets.

It had four zeroday attacks as a method of infection, I can’t recall a single variant of worm or virus having that kind of firepower.

It’s code was signed! Ta-da, it had not one but two digital certificates that where stolen to have it’s code trusted by the OS.

It targeted two specific SCADA systems one built by Seimens and the other by an Iranian company.

Once it starts targeting them it messes around with the speed of the centrifuges running them either way too fast or almost not at all while hiding this from the command and control infrastructure displays.

http://www.computerworld.com/s/article/9197138/European_banks_see_new_ATM_skimming_attacks

The shimming attack also mentioned sounds very neat, but again a lack of details.

This is a great utility to sandbox your application, the running application will think that it’s editing the system but you have the ability to delete the contents of the sandbox and revert the system back.

Specifically I think this is great for using IE, any of the little nasties that you can pick up on the internet can just disappear when you are done.

This is something that would be a good install for any users that really like to click on every link that appears on the screen or play their favorite online “free” games.

There is a small list of know conflicts listed on the site.

http://www.sandboxie.com/index.php?KnownConflicts

There is a few niceties that you can have with the registered version but with a little determination you should be able to get this running perfectly for your self or your users.

http://www.sandboxie.com/