Back in June a security firm in Belarus discovered the Stuxnet worm on the computers of some Iranian customers. Stuxnet is believed to have infected over 100,000 computers worldwide and some are speculating that the worm is aimed at disrupting Iran’s nuclear program as 60 percent of infected machines are there.
Wired reports that Stuxnet is designed to attack the Siemens Simatic WinCC SCADA system. These SCADA systems are installed in big facilities (like nuclear plants and utility companies) to manage operations. It's taken researchers three months to come to a conclusion as to what Stuxnet's creator had in mind when it was written. Experts now say that the worm is designed for sabotage and that the level of sophistication behind it suggests it may have had the support of a government or state-run organization.
Frank Rieger, chief technology officer at GSMK, told Bloomberg that the building of Stuxnet would have cost at least $3 million and taken a team of 10 programmers six months to complete.
"All the details so far to me scream that this was created by a nation-state," Rieger told Bloomberg in an interview.
Stuxnet works by infecting Windows machines and then spreading to additional machines via infected USB drives, searching for a way to reach the network's PLC (programmable logic controller). Stuxnet can then take control of the PLC and potentially alter the commands it sends through to machinery.
Over the weekend Iranian officials confirmed that 30,000 IP addresses in the country are infected with the malware. There has also been an enormous amount of speculation that computers at Iran's Bushehr power plant have been infected. Though the AFP cites Bushehr project manager Mahmoud Jafari as saying the virus has not caused any damage to the main systems of the plant, Jafari did say Stuxnet had been found on the personal computers of some of the staff. ComputerWorld also notes that yesterday the website of Iran's Atomic Energy Organization included a link to a story on Stuxnet that cited government officials who said "serious damage that caused damage and disablement" had been reported.
Siemens has released a detection and removal tool and advises against the use of third-party USB sticks.