Ever since it first hit the news in June, the story behind the Stuxnet worm has continued to evolve, gaining importance as new bits of information have come to light. Some researchers call the malware “groundbreaking” and say that it’s the most sophisticated piece of malware to date. Because of its level of complexity and sophistication, many have concluded that the Stuxnet worm is a state-backed attack on another government’s infrastructure—and some now report that Iran is the intended target.
Back in July, shortly after the Stuxnet worm was first discovered in the wild, experts learned that it was designed to target and infiltrate industrial supervisory control and data acquisition (SCADA) software, which is used to run chemical and electric power plants and factories. As experts reverse-engineered the worm, their findings were surprising, to say the least. They found, for example, that the Stuxnet worm exploited four zero-day Windows bugs at once, which was previously unheard of.
More recently, researchers discovered that the Stuxnet worm can reinfect computers that have already been disinfected. It accomplishes this feat by targeting Step7 files that administrators use to configure Siemens software. If Step7 files are present on a Windows PC that has been attacked by the Stuxnet worm, they are automatically poisoned so that when they’re opened at a later time, they set off another bout of the infection.
A large percentage of Stuxnet infections have taken place in Iran, whose nuclear program has come under close scrutiny as of late. These facts, coupled with the fact that the worm is designed to dismantle industrial systems, have led many news sources to report that the Stuxnet worm is aimed at undermining Iran’s nuclear program. Iran has denied that any of its nuclear power plants have been hurt or disrupted by the malware, but some experts are skeptical.
And yet others, such as computer security blogger Nicolas Falliere, believe that the recent hype surrounding the Stuxnet worm and Iran is overblown. While his figures confirm that the Stuxnet worm’s presence in Iran is significant, his research also indicates that India and Indonesia have each sustained a greater number of attacks from the worm. Falliere presents evidence that calls the Iran theory into question.
Either way, it may be too early to know precisely who’s behind the Stuxnet worm or for whom it’s intended. As news sources rush to draw conclusions, new facts will undoubtedly surface, and this surprising and seemingly serious tale will continue to write itself.