How the Stuxnet Worm Formed Its Attacks—and Who Might Have It Now

80beats | By Andrew Moseman | Feb 16, 2011 12:57 AM



Stuxnet seems to become scarier every time you hear about it. The sophisticated piece of malware came to the world's attention in September; shortly thereafter we heard that it was perfectly designed to attack nuclear centrifuges, and in fact had disrupted some nuclear research in Iran. Now comes more news about how it works, and who might be using it next. The security group Symantec has been trying to analyze and understand the waves of Stuxnet attacks against Iran, and now its researchers have found the base of the attacks, according to Symantec's Orla Cox.

The new research, which analysed 12,000 infections collected by various anti-virus firms, shows that the worm targeted five "industrial processing" organisations in Iran. "These were the seeds of all other infections," said Ms Cox. The firm was able to identify the targets because Stuxnet collected information about each computer it infected, including its name, location and a time stamp of when it was compromised. [BBC News]

Though Symantec isn't naming the five targets in Iran, another security expert studying Stuxnet's code, Ralph Langner, told CNET the likely target of the whole attack was the Natanz nuclear enrichment plant.

"My bet is that one of the infected sites is Kalaye Electric," he wrote... "Again, we don't have evidence for this, but this is how we would launch the attack - infecting a handful of key contractors with access to Natanz." [CNET]

The news turning heads today, though, is that Anonymous, the "hacktivist" group in the news recently for coordinated attacks on behalf of WikiLeaks and Egyptian protesters, claims to have a version of Stuxnet.

"It would be possible [for Anonymous to use Stuxnet in an attack]," Cox said. "But it would require a lot of work, it's certainly not trivial. "The impressive thing about Stuxnet is the knowledge its creators had about their target. So even if you have got access to it you need to understand the target – that requires a lot of research." [The Guardian]

In addition, The Guardian quotes other security experts as saying Anonymous doesn't have the key pieces of coding needed to launch an attack like last year's on Iran. But that doesn't mean the group couldn't cause some mayhem.

"There is the real potential that others will build on what is being released," Michael Gregg, chief operating officer of cybersecurity firm Superior Solutions, [said]. Gregg was quick to clarify that the group hasn't released the Stuxnet worm itself, but rather a decrypted version of it HBGary had been studying -- which could act almost like a building block for cybercrooks. [Fox News]

Related Content:

80beats: Iran’s Nuclear Program: Scientists Attacked, Documents Wiki-Leaked

80beats: Internet Intrigue: China Reroutes the Web, Stuxnet Is Even Scarier

80beats: Iran Close to Completing Its First Nuclear Reactor. Should We Worry?

80beats: Super-Sophisticated Computer Virus Apparently Targeted Iran’s Power Plants

Image: iStockphoto


Copyright © 2023 Kalmbach Media Co.