.

Monday, September 20, 2010

Iran attacked with very sophisticated computer worm

From Computerworld (UK):
A sophisticated worm designed to steal industrial secrets and disrupt operations has infected at least 14 plants, according to Siemens.

Called Stuxnet, the worm was discovered in July when researchers at VirusBlokAda found it on computers in Iran. Siemens also alerted the IT community that Stuxnet has been targetted on its industrial systems. The worm is one of the most sophisticated and unusual pieces of malicious software ever created.

Researchers at Symantec have cracked Stuxnet's cryptographic system, and they say it is the first worm built not only to spy on industrial systems, but also to reprogram them.

Once installed on a PC, Stuxnet uses Siemens' default passwords to seek out and try to gain access to systems that run the WinCC and PCS 7 programs -- so-called PLC (programmable logic controller) programs that are used to manage large-scale industrial systems on factory floors and in military installations and chemical and power plants.

Stuxnet has infected systems in the UK, North America and Korea, however the largest number of infections, by far, have been in Iran.

Nobody knows who's behind Stuxnet, but recently Kaspersky Lab researcher Roel Schouwenberg said that it was most likely a nation state.

Symantec's O'Murchu agrees that the worm was done by particularly sophisticated attackers. "This is definitely not your typical operation," he said.
Hmmmm.....