Fast16

There are few Irreal readers, I’m sure, who don’t know what Stuxnet was and, whatever their feelings about the underlying politics, don’t consider it a tour de force of software engineering. Recently a new candidate for the championship of such software became known: Fast16. It predates Stuxnet by 5 years and remained undetected for 21 years.

Unlike Stuxnet, its purpose was not to destroy centrifuges or any other piece of hardware. Rather, its purpose was to corrupt scientific calculations by giving results that seem correct and were consistent but were, in fact, wrong. Its goal was probably the same as Stuxnet’s: to disrupt the Iranian nuclear weapons program.

Fast16 was much more than just a hacked math library. It was highly specific in the machines that it targeted. The delivery mechanism had an embedded Lua interpreter that made it easy to adapt the malware without starting from scratch with a new version.

The heart of the system is a kernel module that first looks for software built with the Intel C++ compiler. Files that match have their floating-point calculation routines replaced in memory, not on disk. The new routines do further matching, looking for various simulation packages used in weapons development. Those packages have their in-memory images altered to give wrong, but seemingly good, results.
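Because the replacement happens only in memory, a hash of the file on disk never changes; the mismatch shows up only when the loaded code is compared with the file's code section. The following is an added example, not code from this post or the linked article: it assumes both images of one code section have already been acquired, and the function names, sample bytes and 4-byte relocation size are constructed for illustration.

```python
import hashlib

def diff_ranges(disk, mem, reloc_offsets=(), ptr_size=4):
    """Half-open (start, end) ranges where the loaded code differs from the
    on-disk code, ignoring bytes the loader legitimately rewrote."""
    if len(disk) != len(mem):
        raise ValueError("section images must be the same length")
    # Bytes covered by a relocation fixup are expected to differ.
    expected = {o + k for o in reloc_offsets for k in range(ptr_size)}
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(disk, mem)):
        changed = a != b and i not in expected
        if changed and start is None:
            start = i
        elif not changed and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(disk)))
    return ranges

def audit(disk, mem, reloc_offsets=()):
    """Summarise one code section: the file hash a disk scanner would see,
    plus any unexplained in-memory modifications."""
    ranges = diff_ranges(disk, mem, reloc_offsets)
    return {
        "disk_sha256": hashlib.sha256(disk).hexdigest(),
        "patched": bool(ranges),
        "ranges": ranges,
    }

# Constructed sample data (not taken from any real binary).
DISK = bytes(range(64))                 # code section as stored in the file
MEM = bytearray(DISK)                   # same section as loaded
MEM[8:12] = b"\x00\x00\x40\x00"         # loader relocation fixup (benign)
MEM[32:40] = b"\x90" * 8                # routine overwritten after load
MEM = bytes(MEM)
RELOCS = (8,)                           # offsets listed in the relocation table

if __name__ == "__main__":
    print(audit(DISK, MEM, RELOCS))
```

Since the patching component described here runs in the kernel, the memory image for such a comparison is best acquired from outside the running system, for example from a hypervisor snapshot or a physical memory dump.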

There’s a lot more detail in the article linked above so you should take a look at it if this story interests you at all. Most of us are not, of course, interested in writing malware but every software engineer has to admire the workmanship that went into Fast16.
