New virus threatens to wreak global havoc

DUBAI — Cyber experts are calling it the beginning of a new arms race, and if they are to be believed the Stuxnet worm has the power to bring nations to their knees.

By Anshuman Joshi

  • Follow us on
  • google-news
  • whatsapp
  • telegram

Published: Tue 28 Sep 2010, 9:23 PM

Last updated: Mon 6 Apr 2015, 9:21 AM

The malicious computer virus aimed at destabilising industrial control systems in factories and installations like power-transmissions stations, water and sewage systems, pipelines and assembly lines by slowing or completely stalling them is the first ever worm of its type that is said to be aimed at physical destruction.

Right now though it seems to be targeting Iran’s first nuclear power station at Bushehr in particular, leading to speculation that the virus’ creation and distribution could well be the handiwork of a nation-state that wants to derail the country’s nuclear programme. Kaspersky Lab had earlier reported that 60 per cent of the Stuxnet-infected computers were in Iran. However, experts are not discounting the possibility of the Stuxnet virus to spread rapidly to other parts of the world. Speaking to Khaleej Times, Bulent Teksoz, regional technology manager and Middle East security expert at Symantec outlined the virus’ threat potential. “Currently we are seeing 58.9 per cent of the attacks targeting Iran, also India and Indonesia.” While he refused to speculate on the worm’s current impact on the Middle East, he did sound a warning note. “Although we cannot comment on the nature of industrial systems used in the Middle East, it is always best to protect ourselves before an attack of such sophistication and magnitude is likely, as Stuxnet has the potential to spread very rapidly.”

Bahaa Alhudairy, senior security analyst at McAfee Middle-East shares that sentiment, though he’s quick to downplay the crippling effects of the virus. “As far as McAfee is concerned, Stuxnet is part of our database, but we have classified it as a low impact virus. Besides the virus is probably targeted at industrial systems, so home PC users are probably not endangered. In any case like most Trojan viruses, a new strain, which has not yet been published could cause damage. If you see, the virus’ biggest impact is probably in places, which are not geared for cyber warfare.”

Though this unique form of malware was discovered some time back by German anti-virus professionals, cyber experts haven’t still been able to completely comprehend its origins. “It is like nothing we’ve seen before – both in what it does, and how it came to exist,” says Teksoz. “It is the first computer virus to be able to wreak havoc in the physical world. It is sophisticated, well-funded, and there are not many groups that could pull this kind of threat off. It is also the first cyber attack we’ve seen that specifically targets industrial control systems. It exploits a total of four previously unknown software vulnerabilities in Windows, making it a 0-day exploit. It also uses a variety of other vulnerabilities to propagate.” With almost 120-countries in the grip of this viral virtual menace, the main means of its transmission has been via thumb drives.

“Why USB — because it works and can reach un-networked computers, just like in the case of Conficker. It also uses network connections and network shares to spread. Analysis also discovered a new first. Stuxnet could be used to remotely control infected systems. This is an alarming discovery in the evolution of these threats as it opens up the possibility of adversaries taking control of industrial infrastructure throughout the world,” explains Teksoz.

Teksoz said that Symantec was in the forefront of the battle to neutralise the thread posed by the virus.

More news from