A powerful computer virus repeatedly struck five industrial sites in Iran over a period of ten months, security researchers have discovered. One organization was hit three times, and another, twice.
Targets could be identified because the Stuxnet virus collected the location and time of every infection. This was a unique feature which allowed the virus’s authors to monitor its progress. The worm first came to notice last year after analysis showed it appeared to have been written by a “nation state” to attack the Iranian nuclear program, which includes uranium enrichment facilities at Natanz.
Stuxnet affected industrial systems such as the Siemens Simatic S7-300 PLC CPU. These are not generally connected to the Internet for security reasons. The virus would have arrived by email or on a USB device. The virus has been traced to five Internet domains in Iran. Stuxnet gave new instructions to the programmable logic control software of machinery, which required intimate knowledge of the systems.
Stuxnet exploited several previously unknown vulnerabilities in Windows. It has been described as “one of the most sophisticated pieces of malware ever,” but Tom Parker of the Securicon security firm said it was not so advanced. Nonetheless, the Iranian uranium enrichment program has suffered setbacks.
The Institute for Science and International Security said that Stuxnet disabled 1,000 of Iran’s 9,000 centrifuges, machines that refine uranium. Iranian officials admitted the virus infected computers, but denied that it caused major delays, something with which the security researchers’ report agrees: Iran’s output of refined uranium did not fall last year, but neither did it increase significantly. The experience is said to have left the Iranians “rattled.”
Russia’s ambassador to NATO remarked recently that the virus “could lead to a new Chernobyl,” a reference to the infamous 1986 nuclear accident.

Source: spinport.com