Newly discovered Stuxnet variant sheds light on the virus' development

Symantec says it has discovered a previously unknown variant of the Stuxnet worm used to target Iranian nuclear facilities. Stuxnet 0.5 is the oldest known variant of the software, thought to have been in development starting in 2005 and in the wild by 2007. The next known version of Stuxnet, Version 1.001, is from 2009, and the program was discovered in 2010. Like later versions, it was designed to attack Siemens industrial systems, particularly those at Iranian nuclear facilities, hijacking systems and carrying out predetermined tasks. Instead of directly targeting facilities' centrifuges by changing their speed, however, it focused on a different strategy: closing the valves responsible for feeding uranium hexafluoride gas, dangerously increasing the pressure and preventing operators from fixing the problem.

A post by Symantec details how the attack worked, as well as what it reveals about Stuxnet's development. The valve-closing strategy was abandoned by the time Version 1.001 was released, and this early version stopped infecting computers on July 4th, 2009. The strategy for spreading became more complex and aggressive as Stuxnet developed, taking advantage of more exploits, including Microsoft vulnerabilities. Version 0.5 also suggests a stronger link between Stuxnet and Flame, which were already thought to be connected based on a module discovered by Kaspersky. "The discovery of Stuxnet 0.5 shows that Stuxnet’s developers had access to the complete Flamer platform source code," says Symantec, noting that the two would become more distinct over later iterations.