(The Hosting News) – Earlier in 2010, Stuxnet came to light. This was the first known virus specifically designed to target real-world infrastructure, such as power plants. Symantec Security has recently revealed how this virus was launched at Iranian industrial facilities. Some versions of the virus struck their targets just under 12 hours after being coded.
“We are trying to do some epidemiology,” Orla Cox of Symantec told BBC News. “We are trying to understand how and why it spread.”
This worm first came to light late last year after an initial analysis revealed that the piece of malware had likely been written by a “nation state” to target Iran’s nuclear program, including the uranium enrichment centrifuges located at the Natanz facility.
Russia recently stated that these types of attacks “could lead to a new Chernobyl” when discussing the topic with the BBC, referring to the 1986 nuclear accident.
While speculation about the origins of this virus continues to circulate, its true designers remain a mystery.
Iranian officials openly admitted that the Stuxnet virus infected staff computers, but have continued to say that it failed to cause any major delays in their nuclear program. This is at odds with the known setbacks suffered in their uranium enrichment project.
New research, which analyzed 12,000 infections collected by various anti-virus firms, revealed that Stuxnet targeted five “industrial processing” plants in Iran.
The attacks on these plants occurred repeatedly between June 2009 and April of 2010. The waves of attacks used at least three different variants of the virus.
Symantec easily identified the targets because Stuxnet was designed to collect information about each computer it infected, including its name, its location, and the time it was infected.
Symantec has declined to give the names of the plants affected and would not confirm whether they had links to the country’s nuclear projects. However, Ms. Cox did state that previous research confirms that the worm could disrupt the centrifuges used to enrich uranium.
Analysis of the virus strains and the time between attacks suggests that the coders of Stuxnet had infiltrated the targeted organizations. This conclusion was drawn because of how the virus targeted industrial systems, which suggested that these plants had no internet connection for security reasons.
The virus infected Windows machines via USB flash drives, which are commonly used to move files with ease.
Cox states, “The virus could have been spread between the organizations by contractors that worked for more than one of them. We see threads to contractors used by these companies. We can see links between them.”
Stuxnet was designed to seek out specific configurations of industrial control software made by Siemens. The code can then “reprogram” programmable logic control software to give the industrial machinery new instructions. Analysis suggests that it targeted software operating at frequencies between 807 and 1210 Hz. This range includes the frequencies used to control uranium enrichment centrifuges. Although these security exploits had raised concern before, nothing before had achieved quite the infection that Stuxnet did.
Other types of software are also likely to have been targets, as further analysis showed incomplete code.
“The fact that it is incomplete could tell us that [the virus writers] were successful in what they had done,” Cox said.
While some suggest this was an extremely sophisticated virus, others claim it was rudimentary at best.
Cox agrees that the design of the code and some of the techniques it uses are simple, but says that misses the bigger picture.
“If you look at the sum of its parts, then it is certainly very sophisticated,” she said.