"Malware Aimed at Iran Hit Five Sites, Report Says"

This article from the New York Times by John Markoff (February 11, 2011) summarizes a report from computer security software firm Symantec analyzing the Stuxnet worm. They found that there were "three waves of attacks."

Liam O Murchu, a security researcher at the firm, said his team was able to chart the path of the infection because of an unusual feature of the malware: Stuxnet recorded information on the location and type of each computer it infected.

Symantec analyzed samples of the worm from "various" computers and "determined that 12,000 infections could be traced back to just five initial infection points."

The tracking information was apparently intended to allow the attackers to learn whether the target computers became infected.

Sophisticated malware meets sophisticated analysis.

Ken Pimple, PAIT Project Director