Symantec reveals Stuxnet dates back to 2005

 

Gallery

By Nicole Kobie

Posted on 27 Feb 2013 at 10:34

The Stuxnet malware used to attack Iran was in the wild as far back as 2007 and in operation as far back as 2005, according to Symantec.

Stuxnet was first uncovered in 2010, after it was used to target an Iranian uranium enrichment facility via its SCADA control systems, and was believed to be first released in 2009.

Symantec has uncovered a new variant, and the code suggests it's older than first thought. "Analysis of this code reveals the latest discovery to be version 0.5 and that it was in operation between 2007 and 2009 with indications that it, or even earlier variants of it, were in operation as early as 2005," the company said in a blog post.

Stuxnet is assumed by many to be of US origin, and The New York Times last year said the attack against the Iranian facility was part of a campaign called "Olympic Games" that started during President Bush's term and has been continued by President Obama.

The earlier version, Stuxnet 0.5, features an attack vector that was disabled in the subsequent version. Part of the attack interferes with centrifuge valves, with the aim of increasing pressure to breaking point, while altering instrument readings to hide the damage.

"Whether the attack succeeded in this manner or not remains unclear," Symantec said. "Even if the attack did succeed, the attackers decided to switch to a different strategy, of attacking the speed of the centrifuges themselves instead, in Stuxnet 1.x versions."

Unlike the later versions, Stuxent 0.5 didn't make use of flaws in Microsoft products to spread from one PC to another.

Stuxnet 0.5 was designed to stop contacting its control servers in 2009.