The discovery of Stuxnet

Have you heard of Stuxnet? I hadn’t until today and it’s a fascinating story.

First, let’s learn how researchers found Stuxnet in the first place. This 2011 Wired article does a great job of explaining it.

Months earlier, in June 2009, someone had silently unleashed a sophisticated and destructive digital worm that had been slithering its way through computers in Iran with just one aim — to sabotage the country’s uranium enrichment program and prevent President Mahmoud Ahmadinejad from building a nuclear weapon.

The original Stuxnet discovery was version 1.001 and it remained the oldest on record until yesterday when Symantec published details of version 0.5. This older version predates the original discovery by almost 2 years.

Symantec’s data is spread out across multiple blog posts so you may prefer Wired’s breakdown of the discovery.

The new variant appears to have been released in 2007, two years earlier than other variants of the code were released, indicating that Stuxnet was active much earlier than previously known. A command-and-control server used with the malware was registered even earlier than this, on Nov. 3, 2005.

All of the information from Symantec’s blog and Wired’s article can also be found in Symantec’s Stuxnet 0.5: The Missing Link (PDF) whitepaper.

Finally, I recommend this article at ieee.org which has more detail on the history of Stuxnet. (via Macdrifter)

Now that you know about Stuxnet, I hope you’re as intrigued and frightened as I am.