25 September 2010

Dean Takahashi: Stuxnet computer worm takes its toll on Iran, where nuclear plant may be target

Iranian officials have confirmed that the Stuxnet computer worm has infected at least 30,000 computers in the country.

The worm attacks industrial control systems. Because of that, officials have wondered whether Iran was targeted because hackers wanted to take down its controversial nuclear reactor, which is feared to be making high-grade plutonium for nuclear weapons. The Stuxnet worm, first discovered in June by Belarus-based security firm VirusBlokAda, might have been an attempt to disable the Bushehr reactor from afar.

Experts from Iran’s Atomic Energy Organization reportedly met this week to discuss how to remove the malware. The worm targets control systems that use Siemens’ supervisory control and data acquisition (SCADA) software, which operates all sorts of factories from power plants to military installations. Symantec reported that Iran was hit hardest by Stuxnet, which was spread through universal serial bus (USB) flash memory drives that were left in areas where unsuspecting employees could pick them up and plug them into their computers.

Roughly 60 percent of all incidents related to Stuxnet have been reported in Iran. That raises the question of who created the Stuxnet worm and whether it was a state that doesn’t want Iran to have nuclear weapons.

Stuxnet exploited multiple unpatched vulnerabilities in Windows, relied on stolen digital certificates to disguise the malware, and hid its code by using software known as a rootkit. Microsoft hasn’t fully fixed the vulnerabilities. U.S. cybersecurity officials told the Associated Press they didn’t know who created the worm or what its purpose is. Certainly, it can disable more SCADA-based machines than just those in Iran.