Stuxnet's creators are likely, according to the analysis produced by security firm Symantec, to have needed to get hold of SSL certificates in order to create files that had been "digitally signed to avoid suspicion".
BBC: Are secure websites still safe?