Published February 27, 2013
Researchers have discovered an earlier variant of the mysterious, military-grade Stuxnet computer worm that crippled Iran's nuclear research efforts almost three years ago.
Stuxnet was thought to have been first used by the United States and Israel in June 2010. But today, researchers at U.S. security firm Symantec announced that the virus has been operating in the wild since 2007, and that a command-and-control server was registered near the end of 2005.
The 2007 variant was programmed to create physical damage to a specific uranium enrichment facility; it programmed valves and centrifuges to cause damage by creating improper amounts of pressure in the system. This earlier variant sheds more light on what, exactly, the worm was supposed to do.
"Whether the attack succeeded in this manner or not remains unclear," Symantec said in its report. "Even if the attack did succeed, the attackers decided to switch to a different strategy, of attacking the speed of the centrifuges themselves instead, in Stuxnet 1.x versions."
It may not be possible to draw a direct correlation between Stuxnet and a November 2010 announcement about the stoppage of uranium enrichment. But the Institute for Science and International Security said Stuxnetwas a reasonable explanation for the apparent damage.
The worm was first discovered in 2010, after spreading to an engineer’s laptop and subsequently the Internet.
"Stuxnet proved that malicious programs executing in the cyberworld could successfully impact critical, national infrastructure," Symantec wrote on its blog Tuesday, Feb. 26. "The earliest known variant of Stuxnet was [thought to be] version 1.001, created in 2009. That is, until now." [See also: Stuxnet Malware Hit Five Sites Before Target]
Investigations by Iran and three other European nations concluded that Stuxnet was a joint U.S.-Israeli effort to subvert Iran's nuclear program. To many, it represents the beginning of an era of cyberwarfare on a much larger scale than had been seen before.