How the Stuxnet Worm Formed Its Attacks—and Who Might Have It Now

By Andrew Moseman | February 15, 2011 1:57 pm

Stuxnet seems to become scarier every time you hear about it. The sophisticated piece of malware came to the world’s attention in September; shortly thereafter we heard that it was perfectly designed to attack nuclear centrifuges, and in fact had disrupted some nuclear research in Iran. Now comes more news about how it works, and who might be using it next.

The security group Symantec has been trying to analyze and understand the waves of Stuxnet attacks against Iran, and now its researchers have found the base of the attacks, according to Symantec’s Orla Cox.

The new research, which analysed 12,000 infections collected by various anti-virus firms, shows that the worm targeted five “industrial processing” organisations in Iran. “These were the seeds of all other infections,” said Ms Cox. The firm was able to identify the targets because Stuxnet collected information about each computer it infected, including its name, location and a time stamp of when it was compromised. [BBC News]

Though Symantec isn’t naming the five targets in Iran, another security expert studying Stuxnet’s code, Ralph Langner, told CNET the likely target of the whole attack was the Natanz nuclear enrichment plant.

“My bet is that one of the infected sites is Kalaye Electric,” he wrote… “Again, we don’t have evidence for this, but this is how we would launch the attack – infecting a handful of key contractors with access to Natanz.” [CNET]

The news turning heads today, though, is that Anonymous, the “hacktivist” group in the news recently for coordinated attacks on behalf of WikiLeaks and Egyptian protesters, claims to have a version of Stuxnet.

“It would be possible [for Anonymous to use Stuxnet in an attack],” Cox said. “But it would require a lot of work, it’s certainly not trivial. The impressive thing about Stuxnet is the knowledge its creators had about their target. So even if you have got access to it you need to understand the target – that requires a lot of research.” [The Guardian]

In addition, The Guardian quotes other security experts as saying Anonymous doesn’t have the key pieces of coding needed to launch an attack like last year’s on Iran. But that doesn’t mean the group couldn’t cause some mayhem.

“There is the real potential that others will build on what is being released,” Michael Gregg, chief operating officer of cybersecurity firm Superior Solutions, [said]. Gregg was quick to clarify that the group hasn’t released the Stuxnet worm itself, but rather a decrypted version of it HBGary had been studying — which could act almost like a building block for cybercrooks. [Fox News]
