Stuxnet Worm: Cyber Weapon Targets Power Plants, Factories
First-of-its-kind computer worm called Stuxnet could cripple real-world targets.
Sept. 24, 2010 -- A first-of-its-kind computer worm is taking malicious software to an unprecedented level.
As if attempting to steal personal information or inflict chaos on your laptop weren't bad enough, security experts say the Stuxnet worm is designed to hijack and potentially cripple real-world targets such as nuclear power plants, factories and oil rigs.
Security experts first learned of the new strain of software in June, but only disclosed its ability to infect major industrial systems in recent weeks.
"This is cyber sabotage," said Roel Schouwenberg, a senior researcher for the security firm Kaspersky Labs. "Stuxnet is designed to basically bring down a plant or take down operations."
For several years, the security community has speculated about a worm complex enough to infiltrate a computer system for a nuclear power plant or oil refinery and then modify operations, he said. But they've never actually seen one in the public arena until Stuxnet.
"Stuxnet is the first in so many different areas. It's amazing, basically," he said. "This could well be a turning point in how we view cyber, basically."
Liam O Murchu, a researcher for Internet security company Symantec, said he and his team started analyzing the worm after an anti-virus company in Belarus discovered it in June.
He said it has the power not only to control machinery anywhere in the world, including machinery key to water supplies, sewage, oil refineries and factories, but also to hide its hijack from system administrators.
"It can hide how your equipment works in your plant and it can hide those changes from you so that you won't even see that there is code," he said.
While they don't know who is behind the worm or if they've succeeded in sabotaging a target, he said, they do know that it's infected several systems around the world, mostly in Iran. The worm won't succeed in taking over the target, however, unless it's configured in a specific way.
Since about 60 percent of the cases were based in Iran, they suspect that the actual target may have been in that country and cases in other countries were just collateral damage, he said.