What We Now Know About Stuxnet

Researchers remain relatively puzzled, but new research on the virus does show a clear target and method of infiltration

This article is from the archive of our partner .

Remember Stuxnet? The internet virus attacking Iranian industrial facilities that we heard about in the fall of 2010? In the months since Stuxnet came to light, Symantec, a security firm, has been trying to figure out how the worm made its way into these facilities and who created it. The report has just come out, and the researchers note a few major discoveries since their last analysis of the Stuxnet virus back in September. Here's what we now know.

Two Different Codes

With samples from about 12,000 infections, researchers were able to better assess Stuxnet's targets and pathways discovering that 5 different Iranian organizations were targeted, some of which were attacked more than others, and at different times. The Symantec crew also noticed that Stuxnet used two different codes, signaling separate attack strategies. Despite this knowledge, the virus's origin remains unknown.

Spread by USB Keys

Researchers infer that those behind the virus were able to "infiltrate" their targets based on the fact that "Stuxnet targeted industrial systems not usually connected to the internet for security reasons," reports the BBC's Jonathan Fildes. "Instead it infects Windows machines via USB keys--commonly used to move files around and usually plugged into a computer manually." The point of the virus is to latch on to industrial software and reprogram it with new instructions. It's full capabilities are unknown, though Nato's Russian ambassador made a recent prediction that the virus "could lead to a new Chernobyl."

Target: Nanantz

Though the Symantec report does not name the targeted Iranian facilities, Elinor Mills at CNET reports that the Nanantz nuclear enrichment plant is clearly the main target, according to one expert.

Appropriation by Other Groups

In addition to Symantec, another group known as Anonymous, an activist hacking (or "hacktivist") group claims to access to the same virus used in the Stuxnet attacks. According to the Guardian's Josh Halliday, "it is not yet clear whether Anonymous plans to deploy the computer virus, but last week the group signalled an intention to attack Iranian government websites in support of a planned green movement rally in Tehran." The folks at Symantec can't figure out how serious Anonymous is about making its own attack or how powerful their copy of the virus even is.

This article is from the archive of our partner The Wire.