Iran nuclear agency is working to defeat a computer worm
tehran — Iran’s nuclear agency is trying to combat a complex computer worm that has affected industrial sites throughout the country and is capable of taking over power plants, Iranian news reports said.
Experts from the Atomic Energy Organization of Iran met last week to discuss how to remove the malicious computer code, or worm, the semiofficial Iranian Students News Agency reported.
The computer worm, dubbed Stuxnet, can take over systems that control the inner workings of industrial plants. The worm was discovered in July by experts in Germany and it has since shown up in a number of attacks, primarily in Iran, Indonesia, India and the United States.
Kevin Hogan, senior director of security response at the U.S. technology company Symantec, said 60% of the computers infected by Stuxnet were in Iran, suggesting that industrial plants in that country were the target.
There has been speculation that Iran’s nuclear power station at Bushehr has been targeted by a statebacked attempt at sabotage or espionage.
“It’s pretty clear that based on the infection behavior that installations in Iran are being targeted,” Hogan said. “The numbers are off the charts.”
Diplomats and security sources say Western governments and Israel view sabotage as one way of slowing Iran’s nuclear program, which the West suspects is aimed at making nuclear weapons; Iran says it is for peaceful energy purposes.
The ISNA report said the malware had spread throughout Iran, but did not name specific sites affected. Iranian newspapers have reported on the computer worm hitting industries across the country in recent weeks, without giving details.
The malware is apparently a Trojan worm that spreads via infected USB thumb drives, exploiting a vulnerability in Microsoft Corp.’s Windows operating system that has since been resolved.
The destructive Stuxnet worm has surprised experts because it is the first one specifically created to take over industrial control systems, rather than just steal or manipulate data. And it is clear that the worm’s creators had significant resources.
“We cannot rule out the possibility” of a state being behind it, Hogan said.
“Largely based on the resources, organization and in-depth knowledge across several fields, including specific knowledge of installations in Iran, it would have to be a state or a non-state actor with access to those kinds of [state] systems.”
Some speculate that a malicious computer code has targeted Iran’s nuclear plant at Bushehr.