Computers | 25.09.2010
Mysterious computer worm infects Siemens-built control systems
One of the most sophisticated pieces of malware ever detected has infected tens of thousands of computers in Indonesia, India, the United States, Australia, Britain, Malaysia and Pakistan. The biggest target, however, has been Iran.
The computer virus, known as Stuxnet, is a "working and fearsome prototype of a cyber-weapon that could lead to the creation of a new arms race," Kaspersky Labs, an Internet security firm based in Moscow, warned in a statement.
The German engineering conglomerate Siemens, which developed the systems attacked by Stuxnet, said the malware spreads via infected USB thumb drive memory sticks, exploiting vulnerabilities in the Microsoft Windows operating system.
The super-virus attacks software programs that run on Supervisory Control and Data Acquisition, or SCADA, systems, a product developed by Siemens and sold around the world, including to Iran. SCADA is used to manage water supplies, oil rigs, power plants and other industrial facilities.
Once the worm infects a system, it quickly sets up communications with a remote server computer that can be used to steal proprietary information or take control of the SCADA system.
Bildunterschrift: Iran is suspected of secretly developing nuclear weapons using its Bushehr facility as a cover
Stuxnet source unknown
Computer security experts have said the attackers may have chosen to spread the malicious software via thumb drives because many SCADA systems control sensitive operations and are therefore not connected to the Internet, but do have USB ports.
Ralf Langner, a German cyber security specialist, said the attack was launched by an as yet unknown software expert, very possibly a nation state.
"This is not some hacker sitting in the basement of his parents' house," he said.
Stuxnet is able to recognize a specific facility's control network and then destroy it, said Langner. He said he suspects that the virus' target was the Bushehr nuclear reactor facility in Iran.
Since June, Tehran has blamed unspecified problems for a delay in getting the facility fully operational. Iran's ISNA news agency reported that the country's nuclear agency met to determine a way to combat the computer worm.
A Siemens spokesperson, however, said the Iranian nuclear power plant was built with help from a Russian contractor and that Siemens was not involved. The spokesperson added that the company would not speculation the virus' target.
A study of the Stuxnet virus conducted by the US technology company Symantec showed that the country most affected by the virus was Iran with nearly 63,000 infected computers or more than two-thirds of all cases worldwide.
So far, neither Siemens nor cyber security experts in Europe, Russia or the United States, have discovered who is behind the Stuxnet attacks, but Langner said investigations would eventually point to the attackers.
"The attackers must know this," he said. "My conclusion is they don't care. They don't fear going to jail."
Author: Gregg Benzow (dpa/AFP/Reuters)