Iran suspects that a foreign organization or nation designed “Stuxnet,” a quickly mutating computer worm that has been infiltrating industrial computer systems in the Islamic republic, a high-ranking official said on Monday.
“We had anticipated that we could root out the virus within one to two months,” Hamid Alipour, deputy head of Iran’s Information Technology Co., a part of the ministry of communication and information technology, told the Islamic Republic News Agency.
“But the virus is not stable, and since we started the cleanup process three new versions of it have been spreading,” he said.
No one has claimed responsibility for the worm and no entity or country has been definitively identified as its source. It is the first known case of malware designed to sabotage an industrial control system.
“We’ve never seen anything like this before,” said Liam O’Murchu, a researcher with the security firm Symantec. “It’s very dangerous.”
International computer security experts say Stuxnet was designed to target control systems produced by Siemens, a German equipment manufacturer.
Siemens products are widely used in Iranian electricity plants, communication systems and in the country’s first nuclear power plant, near the city of Bushehr, set to start production in October.
Once inside the target system, the worm is capable of reprogramming the software that controls critical functions. Researchers still do not know what type of system it had in its sights or what type of sabotage was intended.
The worm was discovered in June, and researchers found about 45,000 infected computers in various countries, including Indonesia and India. But the vast majority were in Iran, leading analysts to conclude that a system in Iran was the likely target.
Iranian officials said Saturday that they had been hit by “electronic warfare” and acknowledged that the worm had infected more than 30,000 computers, including personal computers owned by employees of the nuclear power plant near Bushehr.
Although the officials said over the weekend that the facility itself was not in danger.
Because of the worm’s reach and complexity and the huge investment required to write the code, Alipour said he thinks the virus was designed by a foreign organization or country. Israel and India are among the countries on Iranian experts’ list of suspects.
( In exclusive partnership with The Washington Post. For additional content, visit www.washingtonpost.com )