Iran industrial sites still suffer with Stuxnet

Iranian nuclear energy authority meets to discuss widespread Stuxnet worm infection

Stuxnet has been hailed as one of the most complicated pieces of malware ever created.

By Mark Sutton. Published September 26, 2010

Iran is still struggling to remove the Stuxnet worm from industrial sites across the country, with over 30,000 Windows PCs infected by the worm, according to reports from two Iranian news agencies.

ISNA reported on Friday that experts from the Atomic Energy Organisation of Iran met last week to discuss how to deal with the worm, which attacks industrial control systems.

Iranian authorities have denied that the worm has infected systems for the controversial Bushehr nuclear reactor, Iran's first nuclear power plant, but have not revealed the location of specific Stuxnet infections in the country.

Speaking on Iran's Arabic-language Al-Alam television network, Mahmoud Jafari, project manager for the Bushehr reactor, said: "This virus has not caused any damage to the main systems of the Bushehr power plant. All computer programmes in the plant are working normally and have not crashed due to Stuxnet."

At the same time, the Tehran-based Mehr News Agency reported that Mahmoud Alyaie, an IT official with Iran's industries and mines ministry, said that 30,000 IP addresses in the country had been infected with Stuxnet.

Stuxnet, which was first discovered in June this year, targets Siemens SCADA (supervisory control and data acquisition) management systems, which are most commonly used in industrial manufacturing facilities and utilities plants.

The worm appears to have been spread by infected USB drives, and targeted Windows PCs that manage SCADA systems. The worm uses a legitimate digital certificate from a major third party and a previously unknown bug in Windows to attempt to find SCADA systems and design documents, and then upload them to an online command and control server, in what appears to be an attempt to steal industrial documents. The worm was also found to have reprogrammed PLC (programmable logic controller) software to give new instructions to the machinery that the software managed. Researchers now believe the worm to have been attacking SCADA systems since January.

Earlier this month Microsoft released fixes for two of the four exploits that are used by Stuxnet, and the company has said it will fix the remaining holes in future.

In July, Symantec revealed that the main concentrations of Stuxnet infections were in Iran, accounting for some 60% of infections. Security researcher Vikram Thakur wrote in a Symantec blog that: "It is evident that W32.Stuxnet was created and distributed with the intent of stealing critical infrastructure documents in organizations in specific countries."

There has been speculation that Stuxnet may have been crafted specifically to attack the Bushehr nuclear reactor, which has caused disputes with the US over Iran's intentions for the reactor, and the possible use of fuel to make nuclear weapons.
