Stuxnet virus might be aimed at Iran: Security experts

Cyber security experts have identified a highly sophisticated piece of malware which they believe was probably aimed at "high value" infrastructure in Iran.

Updated: Sep 24, 2010, 18:54 PM IST

London: Cyber security experts have identified
a highly sophisticated piece of malware which they believe was
probably aimed at "high value" infrastructure in Iran, which is
at odds with the West over its controversial nuclear programme.

The malware, called the Stuxnet worm, which was first detected
in June and has been extensively studied ever since, could
have been designed to target real-world infrastructure such as
power stations, water plants and industrial units in Iran, the
experts said.

The complexity of the worm suggests it could only have
been written by a "nation state", claimed some researchers.

"The fact that we see so many more infections in Iran
than anywhere else in the world makes us think this threat was
targeted at Iran and that there was something in Iran that was
of very, very high value to whomever wrote it," Liam O'Murchu
of security firm Symantec, who has tracked the worm since it
was first detected, told BBC News.

Some experts have speculated that it could have been
aimed at disrupting Iran's delayed Bushehr nuclear power plant
or the uranium enrichment plant at Natanz.

However, O'Murchu and others, such as security expert
Bruce Schneier, have said that there was currently not enough
evidence to draw conclusions about what its intended target
was or who had written it.

Initial research by Symantec showed that nearly 60 per
cent of all infections were in Iran. That figure still stands,
said O'Murchu, although India and Indonesia have also seen
relatively high infection rates.

According to the experts, the malware is transferred
between machines by USB memory stick, which means that even
computers that are kept off the Internet for security
reasons are still susceptible to it.

Stuxnet searches for software, made by computer giant
Siemens, that is often used to control systems in industrial
facilities such as power plants. It can then be used to
reprogramme that software to force a computer to carry out
different commands, they said.

"There are a lot of new, unknown techniques being used
that we have never seen before," O'Murchu said. These include
tricks to hide itself on PLCs (programmable logic
controllers) and USB sticks as well as up to six different
methods that allowed it to spread.

In addition, it exploited several previously unknown and
unpatched vulnerabilities in Windows, known as zero-day
exploits, the expert said.

Admitting that there is growing concern in many countries
about the threat of cyber terrorism, Robert Mueller, head of
the Federal Bureau of Investigation, said the threat was "real
and troubling".

"A cyber-attack could have the same impact as a
well-placed bomb," he said at a recent security conference.

PTI