Most Sophisticated Malware Ever Targets Iran

A computer worm is drawing awed respect and fear from security researchers, even as they wonder how and why it was created.

Four things about Stuxnet are particularly noteworthy, according to experts consulted by ComputerWorld. One, it appears to be the most sophisticated malware anyone has ever seen. Two, because of that, researchers do not believe it could have been created by a private group. They think it's the handiwork of a nation-state. Third, it could control real world machinery, like, say, a power plant. Fourth, it appears to have targeted Iran.

Add all that up and you come to this realization: Stuxnet is a targeted, apparently untraceable weapon. Christian Science Monitor summed up the situation:

Stuxnet's ability to autonomously and without human assistance discriminate among industrial computer systems is telling. It means, says [German researcher Ralph] Langner, that it is looking for one specific place and time to attack one specific factory or power plant in the entire world.

"Stuxnet is the key for a very specific lock - in fact, there is only one lock in the world that it will open," Langner says in an interview. "The whole attack is not at all about stealing data but about manipulation of a specific industrial process at a specific moment in time. This is not generic. It is about destroying that process."

Speculation is now rampant that the worm was created to target part of the Iranian nuclear infrastructure, either the Bushehr nuclear plant or perhaps its centrifuge facility in Natantz. Still, as uber-expert Bruce Schneier notes, "there's not much in the way of actual evidence to support that." Another security expert called the speculation "irresponsible."

Regardless of target, Stuxnet's appearance in the world signals a new depth and intensity to cyberwarfare. Michael Assante, former security chief for this country's grid-minding organization, the North American Electric Reliability Corp, sounded genuinely rattled in his remarks to Christian Science Monitor.

"What we're seeing with Stuxnet is the first view of something new that doesn't need outside guidance by a human - but can still take control of your infrastructure. This is the first direct example of weaponized software, highly customized and designed to find a particular target," he said. "The implications of Stuxnet are very large, a lot larger than some thought at first... It's the type of threat we've been worried about for a long time."

Perhaps it's no surprise that Langner's blog is called, "Knowledge Brings Fear."