A computer worm is drawing awed respect and fear from security researchers, even as they wonder how and why it was created.
Four things about Stuxnet are particularly noteworthy, according to experts consulted by ComputerWorld. One, it appears to be the most sophisticated malware anyone has ever seen. Two, because of that, researchers do not believe it could have been created by a private group. They think it's the handiwork of a nation-state. Third, it could control real world machinery, like, say, a power plant. Fourth, it appears to have targeted Iran.
Add all that up and you come to this realization: Stuxnet is a targeted, apparently untraceable weapon. Christian Science Monitor summed up the situation:
Stuxnet's ability to autonomously and without human assistance discriminate among industrial computer systems is telling. It means, says [German researcher Ralph] Langner, that it is looking for one specific place and time to attack one specific factory or power plant in the entire world.
"Stuxnet is the key for a very specific lock - in fact, there is only one lock in the world that it will open," Langner says in an interview. "The whole attack is not at all about stealing data but about manipulation of a specific industrial process at a specific moment in time. This is not generic. It is about destroying that process."
Speculation is now rampant that the worm was created to target part of the Iranian nuclear infrastructure, either the Bushehr nuclear plant or perhaps its centrifuge facility in Natantz. Still, as uber-expert Bruce Schneier notes, "there's not much in the way of actual evidence to support that." Another security expert called the speculation "irresponsible."