Symantec researchers have been monitoring a computer worm called “Stuxnet” since it emerged in mid-July. “Stuxnet” has captured the world’s attention for several significant reasons. It’s capable of disabling physical infrastructure like the electric grid of a large city or a nuclear power plant. And the attacks have concentrated on one country’s installations more than any other: Iran. There are some additional characteristics that also give researchers cause for concern.
First, it was noteworthy that the worm attacked Siemens industrial control systems, not personal computers that contain the financial details of individuals. Second, the threat is likely to have infected the Siemens systems control software (often referred to as “SCADA”), which manages big infrastructure systems like power plants, pipelines and industrial centers, via infected USB keys or other entry points using Microsoft Windows software. Third, the worm exploits several previously unknown Microsoft holes. Often a threat might exploit one so-called “zero day” vulnerability, but the presence of code exploiting as many as four or five indicates someone with extremely good computer knowledge and ability. The very high technical skill suspected of the bad guys points to the greatest worry of all – the involvement of a state-supported or a highly organized and well-financed group of hackers. Symantec estimates that a group of as many as 10 individuals working for as long as six months would have been necessary to craft the sophisticated “Stuxnet” worm.
Watch the CNN interview with our own Gerry Egan for more information: http://www.cnn.com/2010/TECH/web/09/24/stuxnet.worm.ft/index.html
Read our Symantec Security Response blog entry on this threat to see that Stuxnet is primarily targeting installations in Iran (59%): http://www.symantec.com/connect/blogs/w32stuxnet-network-information
The actual virus write up on Symantec’s website is here: http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-071400-3123-99
Should the average PC owner worry about Stuxnet? Probably not. Just make sure your consumer internet security software is up to date and able to protect you from the latest threats and you should be fine. Whether or not that same advice can hold for Iran’s infrastructure remains to be seen.