The Inquirer-Home

Stuxnet worm dates back to 2005, Symantec reveals

Symantec sensors are still detecting dormant infections worldwide
Wed Feb 27 2013, 16:38
Symantec logo

SECURITY COMPANY Symantec has claimed that the Stuxnet computer worm that was discovered to have spread throughout industrial software and equipment in 2010 could date back further and is more widespread than originally believed.

Symantec's report "The Missing Link" found a build of the Stuxnet attack tool, dubbed Stuxnet 0.5, which it said dates back to 2005 and used different techniques to sabotage industrial facilities. The tool is believed to have been targeted at uranium enrichment facilities in Iran.

"Analysis of this code reveals the latest discovery to be version 0.5 and that it was in operation between 2007 and 2009 with indications that it, or even earlier variants of it, were in operation as early as 2005," the company's security response team said in a blog post.

"As with version 1.x, Stuxnet 0.5 is a complicated and sophisticated piece of malware requiring a similar level of skill and effort to produce. Despite the age of the threat and kill date, Symantec sensors have still detected a small number of dormant infections worldwide over the past year."

Discovered in 2010, the Stuxnet malware infected systems in the Middle East with the intent of sabotaging uranium enrichment centrifuges in Iran. The malware accessed controllers for the motors of centrifuges and set them to settings that would cause the hardware to fail.

According to Symantec, the Stuxnet 0.5 build targets valves that control the flow of gas into the centrifuges, causing pressure within the units to change and leading to hardware failures.

While no group has admitted responsibility for building Stuxnet, the attack is assumed by many to be of US origin, with The New York Times claiming last year that the attack against the Iranian facility was part of a campaign called "Olympic Games", which started during President Bush's term and was continued by President Obama.

Francis deSouza, Symantec president of products and services, said that the discovery shows that cyber warfare and attacks on infrastructure are far more pervasive and common than originally believed. He noted that attacks once thought to be the sole domain of traditional military powers are now available to nearly all nation states.

"Most countries now have access to very sophisticated cyber weapons. A very small country today can disrupt a country that is thousands of times bigger in GDP," he told conference attendees. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Blackberry completes restructuring process

Do you think Blackberry can bounce back to growth?