September 26, 2010

Heh - could not have happened to a nicer bunch of people

Very high geekdom. I have been following the Stuxnet worm since its initial discovery this summer (I am on a few black-hat email lists). It was precisely written and specifically targets a particular operating system running particular software. Yesterday, Computerworld published this news item:
Iran confirms massive Stuxnet infection of industrial systems
Officials in Iran have confirmed that the Stuxnet worm infected at least 30,000 Windows PCs in the country, multiple Iranian news services reported on Saturday.

Experts from Iran's Atomic Energy Organization also reportedly met this week to discuss how to remove the malware.

Stuxnet, considered by many security researchers to be the most sophisticated malware ever, was first spotted in mid-June by VirusBlokAda, a little-known security firm based in Belarus. A month later Microsoft acknowledged that the worm targeted Windows PCs that managed large-scale industrial-control systems in manufacturing and utility companies.

Those control systems, called SCADA, for "supervisory control and data acquisition," operate everything from power plants and factory machinery to oil pipelines and military installations.

According to researchers with U.S.-based antivirus vendor Symantec, Iran was hardest hit by Stuxnet. Nearly 60% of all infected PCs in the earliest-known infection were located in that country.

Since then, experts have amassed evidence that Stuxnet has been attacking SCADA systems since at least January 2010. Meanwhile, others have speculated that Stuxnet was created by a state-sponsored team of programmers, and designed to cripple Iran's Bushehr nuclear reactor.

Even if they do wipe the disks and re-install Windows, some mole comes along with a USB thumb-drive and the fun starts all over again. If they just remove the software, I bet there is a hidden copy lying dormant that checks for this, waits a day and starts re-infecting.

Posted by DaveH at September 26, 2010 3:29 PM