Most Advanced Malware A Cyber Weapon?

I was listening to Tom Gjelten's great piece on cyberwarfare this morning when I stumbled across a bunch of pieces that might indicate that someone may have fired a first shot.

In June, computer security professionals found a new virus, dubbed Stuxnet. It seemed different from most viruses. It was more complicated, and perhaps deadlier. From the Christian Science Monitor:

Stuxnet surfaced in June and, by July, was identified as a hypersophisticated piece of malware probably created by a team working for a nation state, say cyber security experts. Its name is derived from some of the filenames in the malware. It is the first malware known to target and infiltrate industrial supervisory control and data acquisition (SCADA) software used to run chemical plants and factories as well as electric power plants and transmission systems worldwide. That much the experts discovered right away.

How does it work?

Unlike most viruses, the worm targets systems that are traditionally not connected to the internet for security reasons.

Instead it infects Windows machines via USB keys - commonly used to move files around - infected with malware.

Once it has infected a machine on a firm's internal network, it seeks out a specific configuration of industrial control software made by Siemens.

[Photo: Iran's Bushehr Nuclear Plant. An Iranian flag flutters in front of the reactor building of the Bushehr nuclear power plant. (AP Photo/Vahid Salemi)]

It's the first time, say experts, that a virus has looked for a specific piece of software controlling a specific piece of equipment. And now, some researchers are speculating that it's aimed at a specific piece of equipment: namely, Iran's Bushehr nuclear power plant. Everyone acknowledges that it's speculation at this point, but informed speculation.

"The fact that we see so many more infections in Iran than anywhere else in the world makes us think this threat was targeted at Iran and that there was something in Iran that was of very, very high value to whomever wrote it," Liam O'Murchu of security firm Symantec, who has tracked the worm since it was first detected, told BBC News.

Bruce Schneier, though, points out that there's not a whole lot of evidence to support the theory. But he does say that Stuxnet is impressive, to say the least.
