Stuxnet, which was first publicly identified several months ago, is aimed solely at industrial equipment made by Siemens that controls oil pipelines, electric utilities, nuclear facilities and other large industrial sites. While it is not clear that Iran was the main target — the infection has also been reported in Indonesia, Pakistan, India and elsewhere — a disproportionate number of computers inside Iran appear to have been struck, according to reports by computer security monitors.
The Christian Science Monitor first reported on Stuxnet in June. The primary source of the CSM story was computer security expert Ralph Langner, who has been chronicling his research of the virus on his Web site. Langner called Stuxnet the “hack of the century,” and said “Stuxnet is going to be the best studied piece of malware in history.”
Wired magazine, unsurprisingly, has the definitive story.
“It’s the most complex piece of malware we’ve seen in the last five years or more,” says Nicolas Falliere, a code analyst at security firm Symantec. “It’s the first known time that malware is not targeting credit card [data], is not trying to steal personal user data, but is attacking real-world processing systems. That’s why it’s unique and is not over-hyped.”
… Eric Byres, chief technology officer for Byres Security, says the malware isn’t content to just inject a few commands into the PLC [Programmable Logic Controller] but does “massive reworking” of it.
“They’re massively trying to do something different than the processor was designed to do,” says Byres, who has extensive experience maintaining and troubleshooting Siemens control systems. “Every function block takes a fair amount of work to write, and they’re trying to do something quite radically different. And they’re not doing it in a light way. Whoever wrote this was really trying to mess with that PLC. We’re talking man-months, if not years, of coding to make it work the way it did.”