(Reuters) - A computer virus that attacks a widely used industrial system appears aimed mostly at Iran and its sophistication suggests a state may have been involved in creating it, Western cyber security companies said on Friday.
“Stuxnet is a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world,” Kaspersky Labs said in a statement.
Here are some details on Stuxnet:
HOW DOES IT WORK?
* The virus is malicious software, or malware, that attacks widely used industrial control systems built by German firm Siemens. Experts say the virus could be used for espionage or sabotage.
* Siemens says the malware spreads via infected USB thumb drive memory devices, exploiting a vulnerability in Microsoft Corp’s Windows operating system that has now been resolved.
* The malware attacks software programs that run Supervisory Control and Data Acquisition, or SCADA, systems. Such systems are used to monitor automated plants -- from food and chemical facilities to power generators.
* Analysts said attackers may have chosen to spread the malicious software via a thumb drive because many SCADA systems are not connected to the Internet, but do have USB ports.
* Once the worm infects a system, it quickly sets up communications with a remote server computer that can be used to steal proprietary corporate data or take control of the SCADA system, said Randy Abrams, a researcher with ESET, a privately held security firm that has studied Stuxnet.
WHO CREATED IT?
* Siemens, Microsoft and security experts who have studied the worm have yet to determine who devised it.
* Mikka Hypponen, chief research officer at Finnish security software firm F-Secure, says he believes it was a state sponsored attack. Stuxnet is highly complex and “obviously done by a group with serious technological and financial backing.”
* Ralph Langner, a German cyber expert, says the attack was by highly qualified experts, probably a nation state. "This is not some hacker sitting in the basement of his parents' house." On his website, www.langner.com/en/index.htm, Langner said investigations would eventually "point" to the attackers. "The attackers must know this. My conclusion is, they don't care. They don't fear going to jail."
WHERE HAS IT SPREAD?
* A study of the spread of Stuxnet by U.S. technology company Symnatec showed that the main affected countries as of August 6 were -- Iran, with 62,867 infected computers, Indonesia with 13,336, India 6,552, United States 2,913, Australia 2,436, Britain 1,038, Malaysia 1,013 and Pakistan with 993.
* Belarussian firm Virusblokada was the first to identify the virus in mid-June. Commercial director Gennady Reznikov told Reuters the company has a dealer in Iran, and one of the dealer’s clients had computers infected with a virus that turned out to be Stuxnet. Reznikov said Virusblokada itself had no connection to the nuclear power plant at Bushehr.
* According to Siemens spokesman Michael Krampe, Siemens has identified 15 customers that found Stuxnet on their systems, and “each was able to detect and remove the virus without any impact to their operations.”
Our Standards: The Thomson Reuters Trust Principles.