Computer worm that hit Iran’s nuclear equipment is also taking out other industrial systems

Confirming months-long suspicions, Iran’s president Mahmoud Ahmadinejad admitted today that his country’s uranium enrichment centrifuges had been affected by a malicious computer worm. Western Diplomats said last week that the Stuxnet virus had damaged Iran’s centrifuges, which could be used to make fuel for nuclear power or nuclear weapons.

The Stuxnet computer worm was discovered in June by a Belarus-based security firm. The worm spies on and reprograms industrial control SCADA (Supervisory Control And Data Acquisition) computers made by German conglomerate Siemens.

Transmitted through shared universal serial bus (USB) memory modules, the worm can reprogram computers and hide its changes. The worm uses the USB transmission technique because many industrial computers are not connected to the web. The original target of Stuxnet wasn’t clear, as it appeared it could attack any device. But news reports suggest that the particular target was Iran’s nuclear facilities in Natanz and its Bushehr nuclear power plant.

“They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts,” said Ahmadinejad. “But the problem has been resolved.”

Russian security company Kaspersky Labs said that the worm was one of the most sophisticated ever created, suggesting that it might have been created by an intelligence agency with cyber know-how. Stuxnet exploited multiple unpatched vulnerabilities in Windows, relied on stolen digital certificates to disguise the malware, and hid its code by using software known as a rootkit. Microsoft hasn’t fully fixed the vulnerabilities.

At one point in September, some 60 percent of infected computers worldwide were in Iran, suggesting that the intended target was in Iran. The problem with creating a virus to attack one particular target is that it can be modified to attack any target. With Stuxnet, the genie is out of the bottle. Now the worm can be modified to attack any sort of industrial equipment.

In its own bulletin today, antivirus firm Symantec said, “This specialized malware written to exploit physical infrastructures will continue in 2011 driven by the huge sums of money available to criminal enterprises at low risk of prosecution. These attacks will range from the obvious targets like smartphones, to any number of less obvious yet critical systems like power grid controls or electronic voting systems.”

Meanwhile, antivirus vendor McAfee has said, “More detailed analysis found that Stuxnet is more than just a spy worm, but a weapon written to sabotage critical infrastructure. Stuxnet has infected thousands of computers of unintended victims from all over the globe.”