Questions remain as Stuxnet exploit finally blocked

Siemens patches vulnerabilities as new worm rumours circulate

Siemens has updated its control system software to patch vulnerabilities used by the Stuxnet worm that targeted Iran's nuclear programme.

Stuxnet became infamous in 2010, when it emerged the worm had been used to alter the control settings in machinery, resulting in damage that reportedly put Iran's nuclear aspirations back by years.

Two years later, Siemens says it has patched the vulnerabilities that have been blamed for the attack, meaning that the company's customers should be safe from similar attacks.

Although the company's fixes for the two vulnerabilities do not name Stuxnet itself, the dates and vulnerabilities match those reportedly used by the US-Israeli coders thought to be behind the virus.

The value of the patches, however, remains uncertain because the Stuxnet virus was programmed to stop spreading at the end of last month.

“Stuxnet had a 'kill date' of 24 June 2012, which means the worm has now stopped spreading,” said Mikko Hyppönen on the F-Secure blog. “But that has little significance, as the operation had already been active for years and reached most of its targets already by 2010.”

Fresh threat

The patch comes as F-Secure reported the possible emergence of a new batch of worms hitting Iran's nuclear power plants.

According to F-Secure, the company received a message from someone claiming to work within Iran's nuclear research plant. F-Secure was unable to confirm the individual source, but traced the email back to within the Natanz research facility - although it could still be a hoax.

“I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility, Fordo near Qom,” the apparent scientist wrote.

“According to the email our cyber experts sent to our teams, they believe a hacker tool Metasploit was used. The hackers had access to our VPN. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist, not a computer expert.”

“There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out,” the leaked email continued. “I believe it was playing 'Thunderstruck' by AC/DC.”
