Computer security experts get a copy of malware called Stuxnet so they can write the counter for it - and in the process they discover something very, very interesting:
Within a week ... about 38,000 infected machines were reporting in from dozens of countries. Before long, the number would surpass 100,000. Stuxnet was spreading rapidly, despite signatures distributed by antivirus firms to stop it.
As Chien and O Murchu mapped the geographical location of the infections, a strange pattern emerged. Out of the initial 38,000 infections, about 22,000 were in Iran. Indonesia was a distant second, with about 6,700 infections, followed by India with about 3,700 infections. The United States had fewer than 400. Only a small number of machines had Siemens Step 7 software installed—just 217 machines reporting in from Iran and 16 in the United States.
The infection numbers were way out of sync with previous patterns of worldwide infections—such as what occurred with the prolific Conficker worm—in which Iran never placed high, if at all, in infection stats. South Korea and the United States were always at the top of charts in massive outbreaks, which wasn't a surprise since they had the highest numbers of internet users. But even in outbreaks centered in the Middle East or Central Asia, Iran never figured high in the numbers. It was clear the Islamic Republic was at the center of the Stuxnet infection.
The sophistication of the code, plus the fraudulent certificates, and now Iran at the center of the fallout made it look like Stuxnet could be the work of a government cyberarmy—maybe even a United States cyberarmy.
Read the whole thing at Wired.
(H/t Schneier)