Computer worm hits Iran but few others

Iran Times International July 30, 2010:Iran is the home of more than half the computers hit world- wide by a new computer worm that tries to steal information from industrial plants. There is speculation that U.S. intelligence may be behind the information heft. The malicious virus, called Stuxnet, was discovered last month by a Belarus-based antivirus company, Viru-s BlokAda, on the system of an Iranian client, but may have been in circulation worldwide as early as January, according to Elias Levy, senior technical director with Symantec Security Response. Symantec, one of the world’s largest software companies focused on computer security, has compiled data on Stuxnet indicating that nearly 60 percent of infected systems are in Iran, with Indonesia and India also being hard-hit. In collaboration with affected industries and by redirecting information intended for the worm’s command and control servers to its own computers, Symantec measured in three days 14,000 IP (Internet Protocol) addresses that had been hit by the worm. Because IP addresses are the codes computer systems use to connect to the Internet, Levy says it is probable that as many as 15,000 to 20,000 individual machines have been affected since many companies use the same IP address for several systems. While this number is small compared to the total number of personal computers across the globe, it is unclear why such a large proportion is being discovered in just a few countries. “Although Iran is probably one of the countries that has the worst infections of this, they are also probably a place where they don’t have much AV [anti-virus protection] right now,” Levy said. The lack of AV is at least in part due to sanctions placed on Iran. “The most we can say is whoever developed these particular threats was targeting companies in those geographic areas,” Levy explained. What is also known is the specific companies that are infected. The targets of the attackers are organizations using the management system Siemens SCADA or Supervisory Control And Data Acquisition. SCADA software is generally used by manufacturing and utility plants to control power grids, gas refineries and more. That prompted speculation that some U.S. intelligence organization might be behind the worm. In the event of war, it is assumed that the U.S. military would quickly want to shut down the Iranian power grid. That was a goal in the opening days of the attack on Iraq in 2003. Siemens, the Munich-based global electrical engineering and electronics company that produces SCADA, would not give the number of customers it has in Iran. Earlier this year, the company said that, in line with the new sanctions on Iran, it planned to reduce its business in the country which earned it approximately $562.9 million in 2008, according to The Wall Street Journal. Siemens began distribution last week of a scanner developed by the antivirus and Internet security company, Trend Micro, to remove Stuxnet. Siemens has been under criticism for not removing the vulnerability that allows Stuxnet to work when it was first noticed two years ago. Stuxnet is transmitted through infected USB devices and looks for a Siemens system. Taking advantage of default passwords in Siemens software, it copies itself to other USB devices.

Iran-Times.COM

AN INDEPENDENT SOURCE OF NEWS ABOUT IRAN

Copyright © 2009 The Iran Times Corp. All rights reserved

Founded in 1970