The Stuxnet software worm repeatedly sought to infect five industrial facilities in Iran over a 10-month period, a new report says, in what could be a clue to how it might have infected the Iranian uranium enrichment complex at Natanz.
The report, released Friday by Symantec, a computer security software firm, said there were three waves of attacks. Liam O Murchu, a security researcher at the firm, said his team was able to chart the path of the infection because of an unusual feature of the malware: Stuxnet recorded information on the location and type of each computer it infected.
Such information would allow the authors of Stuxnet to determine if they had successfully reached their intended target. By taking samples of Stuxnet they had collected from various computers, the researchers were able to build a model of the spread of the infection. They determined that 12,000 infections could be traced back to just five initial infection points.
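The kind of lineage reconstruction described above can be sketched as follows. This is an added example, not Symantec's code or data: it assumes each collected sample carries an ordered list of the hosts it passed through, and every timestamp, domain and host name in it is constructed.

```python
from collections import Counter

# Constructed data (not real telemetry). One list per collected sample: the
# hosts the sample passed through, oldest first, as (timestamp, domain, host).
SAMPLES = [
    [("2009-06-22T16:31", "org-a.example", "ENG-01"),
     ("2009-06-23T09:10", "org-a.example", "ENG-07"),
     ("2009-07-02T11:45", "vendor.example", "LAPTOP-3")],
    [("2009-06-22T16:31", "org-a.example", "ENG-01"),
     ("2009-06-25T08:02", "org-a.example", "HMI-02")],
    [("2010-03-01T05:52", "org-b.example", "WS-11"),
     ("2010-03-04T13:20", "org-b.example", "WS-12")],
    # History truncated at the front: begins mid-chain at ENG-07.
    [("2009-06-23T09:10", "org-a.example", "ENG-07"),
     ("2009-07-02T11:45", "vendor.example", "LAPTOP-3"),
     ("2009-07-09T10:00", "vendor.example", "LAPTOP-9")],
]

def build_parent_map(samples):
    """Merge all chains into host -> parent (None if no predecessor is known)."""
    parent = {}
    for chain in samples:
        prev = None
        for _ts, domain, host in chain:
            key = (domain, host)
            # A known predecessor from any sample overrides "no predecessor".
            if parent.get(key) is None:
                parent[key] = prev
            prev = key
    return parent

def trace_origin(host, parent):
    """Walk predecessors back to the earliest known host; stop on a loop."""
    seen = set()
    while parent.get(host) is not None and host not in seen:
        seen.add(host)
        host = parent[host]
    return host

def infections_per_origin(samples):
    """Count distinct infected hosts attributed to each initial infection point."""
    parent = build_parent_map(samples)
    return Counter(trace_origin(h, parent) for h in parent)

if __name__ == "__main__":
    for (domain, host), n in infections_per_origin(SAMPLES).most_common():
        print(f"{domain}/{host}: {n} hosts")
```

Merging chains across samples is what lets a sample with a truncated history still be attributed to the correct starting point.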
Between June 2009 and May 2010, the program took aim at specific organizations in Iran on three occasions, Symantec research noted in an update of a research report the company published last year.
The Symantec team said it had collected five Internet domains that were linked to industrial organizations within Iran. They said that, because of the company’s privacy policies, they would not disclose the domain names.
“All of the domains are involved in industrial processing,” Mr. O Murchu said in an interview.
It is likely that a classified site like Natanz is not connected directly to the Internet. Therefore, an attacker might try to infect industrial organizations that would be likely to share information, and the malware, with Natanz.