Legalbrief   |   your legal news hub Sunday 14 December 2025

Unstable virus targets nuclear facility

A highly sophisticated computer worm capable of seizing control of industrial plants has infected computers at Iran's first nuclear station.

Legalbrief reports that the virus, known as Stuxnet, has been described as the most 'refined piece of malware ever discovered'. It spread to the personal computers of staff working at the Bushehr nuclear power station just weeks before the facility is to go online. And it's no secret that the US - and many other countries around the world - is keeping a close eye on Iran's nuclear capabilities. Several Western governments, including the US, suspect that Iran will reprocess Bushehr's spent fuel to produce weapons-grade plutonium for use in nuclear warheads. The Telegraph reports that the Russian-built plant will be internationally supervised, but world powers are concerned that Iran wants to use other aspects of its civil nuclear power programme as a cover for making weapons. Full report in The Telegraph

About 30 000 IP addresses have already been infected. 'The attack is still ongoing and new versions of this virus are spreading,' Hamid Alipour, deputy head of Iran's Information Technology Company, was quoted as saying by IRNA, Iran's official news agency. According to a report on the News24 site, the hackers, who enjoyed 'huge investments' from a series of foreign countries or organisations, designed the worm to exploit five different security vulnerabilities. Alipour said his company had begun the clean-up process at Iran's 'sensitive centres and organisations'. The worm is able to recognise a specific facility's control network and then destroy it, according to German computer security researcher Ralph Langner, who has been analysing the malicious software. The Washington Post reports that Iran suspects that a foreign organisation or nation designed Stuxnet. 'We had anticipated that we could root out the virus within one to two months,' Alipour said. 'But the virus is not stable, and since we started the clean-up process three new versions of it have been spreading.' No one has claimed responsibility for the worm and no entity or country has been definitively identified as its source. According to Eugene Kaspersky, the veteran CEO of the Russian-headquartered IT security vendor Kaspersky Lab, Stuxnet is backed by a well-funded, highly skilled attack team with intimate knowledge of SCADA technology. Infosecurity-magazine.com reports that his research team believes this type of attack could only be conducted with nation-state support and backing. 'I think that this is the turning point, this is the time when we got to a really new world, because in the past there were just cybercriminals, now I am afraid it is the time of cyberterrorism, cyberweapons and cyberwars,' he said. Full report in the News24 site Full report in The Washington Post Full Infosecurity-magazine.com report

Security experts have known for months that computerised control equipment that manages oil pipelines, electric utilities and nuclear plants is vulnerable to Stuxnet - particularly software and equipment from Germany's high-tech Siemens. As early as July, Siemens made virus-scanning software available to its clients after learning of the bug. Siemens said the malware appeared designed to extract data from industrial companies using Siemens software, and had been detected during a routine update of its software with a German industrial client. 'Stuxnet is the most refined piece of malware ever discovered,' said Alan Bently, vice-president of the US security firm Lumension, according to a report on the IoL site. The report quotes Bently as saying: 'The worm is significant because mischief or financial reward wasn't its purpose. It was aimed right at the heart of a critical infrastructure.' In August, Microsoft issued an emergency patch to correct the flaw. Windows is used by up to 80% of the world's computers. Langner spoke of the 'hacker of the decade'. He claimed the virus was developed by insiders who wanted to sabotage such facilities, and noted it was no accident that Iran has had technical problems with its plants in recent weeks. Further alarm was raised when it was discovered that the Bushehr facility was using an unlicensed version of Siemens' special industrial control software. To make matters worse, it was not properly configured. Frank Rieger of the Chaos Computer Club, a German-based organisation of hackers, proclaimed: 'The first strike of digital warfare has been made.' Another expert, author Arne Schoenbohm, says such a scenario is quite possible: 'Cyberspace has become the fifth military battlefield, after land, air, water and space.' Full report on the IoL site

Another security researcher has revealed yet another way that the Stuxnet worm spreads, a tactic that can re-infect machines that have already been scrubbed of the malware. Previously, researchers had spotted several propagation methods in Stuxnet that ranged from spreading via infected USB flash drives to migrating between machines using multiple unpatched Windows bugs. Computer World reports that Liam O Murchu, manager of operations on Symantec's security response team, said Stuxnet also injects a malicious DLL into every Step 7 project on a compromised PC, ensuring that the worm spreads to other, unaffected PCs whenever an infected Step 7 file is opened. 'All Step 7 projects (on a compromised computer) are infected by Stuxnet. Anyone who opens a project infected by Stuxnet is then compromised by the worm.' Full Computer World report