Symantec reveals Stuxnet dates back to 2005
By Nicole Kobie
Posted on 27 Feb 2013 at 10:34
The Stuxnet malware used to attack Iran was in the wild as far back as 2007 and in operation as far back as 2005, according to Symantec.
Stuxnet was first uncovered in 2010, after it was used to target an Iranian uranium enrichment facility via its SCADA control systems, and was believed to be first released in 2009.
Symantec has uncovered a new variant, and the code suggests it's older than first thought. "Analysis of this code reveals the latest discovery to be version 0.5 and that it was in operation between 2007 and 2009 with indications that it, or even earlier variants of it, were in operation as early as 2005," the company said in a blog post.
Stuxnet is assumed by many to be of US origin, and The New York Times last year said the attack against the Iranian facility was part of a campaign called "Olympic Games" that started during President Bush's term and has been continued by President Obama.
The earlier version, Stuxnet 0.5, features an attack vector that was disabled in the subsequent version. Part of the attack interferes with centrifuge valves, with the aim of increasing pressure to breaking point, while altering instrument readings to hide the damage.
"Whether the attack succeeded in this manner or not remains unclear," Symantec said. "Even if the attack did succeed, the attackers decided to switch to a different strategy, of attacking the speed of the centrifuges themselves instead, in Stuxnet 1.x versions."
Unlike the later versions, Stuxent 0.5 didn't make use of flaws in Microsoft products to spread from one PC to another.
Stuxnet 0.5 was designed to stop contacting its control servers in 2009.
- Is it worth upgrading a media centre to Windows 8?
- Flickr redesign: is it enough to tempt photographers back?
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Yes, I write down my passwords
- How to deal with a ransomware attack
- How secure is your Wi-Fi network?
- How QR codes caught out the security pros
- Why I do not trust Do Not Track... yet
- The hard disks you can "secure" with a single-digit password
- Why I've started using a password manager
- Time to kill off CAPTCHA
- Are today's young people Generation I (for insecure)?
- Ransomware that's better made than antivirus software