One of the most sophisticated and complex pieces of malware ever detected was probably targeting “high-value” infrastructure in Iran, BBC News reports.
Some researchers claim the intricacy of Stuxnet indicates the malware could only have been created by a national government agency. Experts believe the malware to be the first of its kind to target critical infrastructure such as power stations, water plants and industrial units. Although the worm was first detected in June, it may have been circulating in 2009.
“The fact that we see so many more infections in Iran than anywhere else in the world makes us think this threat was targeted at Iran and that there was something in Iran that was of very, very high value to whomever wrote it,” Symantec’s Liam O’Murchu told BBC.
Some have suggested Stuxnet could have been aimed at disrupting Iran’s delayed Bushehr nuclear power plant or the uranium-enrichment plant at Natanz. However, other experts, including cybersecurity guru Bruce Schneier, said there currently was not enough evidence to conclude what the worm’s intended target was or who had written the malicious code.
The Stuxnet worm targets systems that are traditionally not connected to the Internet for security reasons, infecting Windows machines via USB drives containing malware. After infecting a machine on a firm’s internal network, it seeks out a specific configuration of industrial control software made by Siemens. Once the system is hijacked, the code can reprogram programmable logic control software to give attached industrial machinery new instructions.
“It is rare to see an attack using one zero-day exploit,” Mikko Hypponen, chief research officer at security firm F-Secure, told BBC. “Stuxnet used not one, not two, but four.”
O’Murchu said that his analysis suggested that whoever had created the malware had put plenty of effort into it.
“It is a very big project, it is very well planned, it is very well funded,” he said. “It has an incredible amount of code just to infect those machines.”
Cyber Command chief Gen. Keith B. Alexander confirmed this week that U.S. armed forces are aware of the dangers of Stuxnet, saying early indications showed the worm was “very sophisticated,” Guardian reported.