AFP: The malicious Stuxnet computer worm has hit 30,000 industrial computers in Iran, officials said on Sunday, but denied the Islamic republic’s first nuclear plant at Bushehr was among those infected.
By Laurent Maillard
TEHRAN (AFP) — The malicious Stuxnet computer worm has hit 30,000 industrial computers in Iran, officials said on Sunday, but denied the Islamic republic’s first nuclear plant at Bushehr was among those infected.
So far, Stuxnet has infected about 30,000 IP addresses in Iran, Mahmoud Liayi, head of the information technology council at the ministry of industries, was quoted as saying by the government-run newspaper Iran Daily.
Stuxnet, which was publicly identified in June, was tailored for Siemens supervisory control and data acquisition, or SCADA, systems commonly used to manage water supplies, oil rigs, power plants and other industrial facilities.
The worm is able to recognise a specific facility’s control network and then destroy it, according to German computer security researcher Ralph Langner, who has been analysing the malicious software.
Langner suspected Stuxnet was targetting Bushehr nuclear power plant, where unspecified problems have been blamed for delays in getting the facility fully operational.
Siemens said its software has not been installed at the plant, and an Iranian official denied the malware may have infected nuclear facilities.
“This virus has not caused any damage to the main systems of the Bushehr power plant,” Bushehr project manager Mahmoud Jafari said on Iran’s Arabic-language Al-Alam television network.
“All computer programmes in the plant are working normally and have not crashed due to Stuxnet,” said Jafari, adding there was no problem with the plant’s fuel loading process.
The official IRNA news agency meanwhile quoted him as saying that some “personal computers of the plant’s personnel” were infected by the worm.
And he told Fars news agency that so far, five versions of the malware had been detected in the country.
The self-replicating worm has been found lurking on Siemens systems mostly in India, Indonesia, Pakistan, but the heaviest infiltration appears to be in Iran, according to software security researchers.
Telecommunications minister Reza Taqipour said “the worm has not been able to penetrate or cause serious damage to government systems.”
“No serious damage to industrial systems (by Stuxnet) have been reported in the country,” he said.
According to Iran Daily, telecommunications official Saeed Mahdiyoun said “teams of experts had begun to systematically eliminate the virus.”
Meanwhile Liayi said without giving details that Stuxnet was “likely a (foreign) government project,” given its complexity.
The newspaper cited various experts who suggested the United States and Israel were behind the malware, evoking the “West’s electronic warfare against Iran.”
Liayi said industries were currently receiving systems to combat Stuxnet, while stressing Iran had decided not to use anti-virus software developed by Siemens because “they could be carrying a new version of the malware.”
“When Stuxnet is activated, the industrial automation systems start transmitting data about production lines to a main designated destination by the virus,” Liayi said.
“There, the data is processed by the worm’s architects and then engineer plots to attack the country.”
Iran’s nuclear ambitions are at the heart of a conflict between Tehran and the West, which suspects the Islamic republic is seeking to develop atomic weapons under the cover of a civilian drive.
Tehran denies the allegation and has pressed on with its enrichment programme — the most controversial aspect of its nuclear activities — despite four sets of UN Security Council sanctions.