Iran targeted by industrial theft worm
Stuxnet worm which attempts to steal industrial control systems data hits Iran hardest
Iran appears to have been the main target of the Stuxnet worm, which tries to steal data from industrial control systems.
The worm, which was first discovered last month, targets Siemens SCADA (supervisory control and data acquisition) management systems, which are most commonly used in industrial manufacturing facilities and utilities plants.
The worm, which is propagated by infected USB drives, uses a legitimate digital certificate from a major third party and a previously unknown bug in Windows, to attempt to find SCADA systems and design documents, and then upload them to an online command and control server, in what appears to be an attempt to steal industrial documents.
According to data collated by Symantec, almost 60% of all infected systems are in Iran, with Indonesia accounting for a further 18% of infections and India 8%. Although Symantec was not able to give a reason or a culprit for the attacks, security researcher Vikram Thakur, wrote in a Symantec blog, that: "It is evident that W32.Stuxnet was created and distributed with the intent of stealing critical infrastructure documents in organizations in specific countries."
The company says it is still analysing the situation.
A free virus scanner posted by Siemens earlier this week has been downloaded 1,500 times, according to the company.