The Stuxnet saga continues to unfold as researchers investigating the virus release more information. For those not up to speed on the Stuxnet virus and its impact on automation and control systems, see my earlier blog posts on the subject.
More news on the virus now comes via a report from Kim Zetter of Wired, who notes that Symantec’s research into the virus indicates that “Stuxnet targets specific frequency converter drives — power supplies that are used to control the speed of a device, such as a motor. The malware intercepts commands sent to the drives from the Siemens SCADA software and replaces them with malicious commands to control the speed of a device, varying it wildly, but intermittently.”
Readers of my most recent blog post on the topic will recall what, at the time, I thought might be a not-so-tenuous connection between the virus and Iranian nuclear facilities. Symantec now claims that the Stuxnet virus doesn’t activate when it encounters any old frequency drive. Instead, it carefully “inventories a plant’s network and only springs to life if the plant has at least 33 frequency converter drives made by Fararo Paya in Teheran, Iran, or by the Finland-based Vacon.” This helps explain why some countries, such as Iran, encountered far more instances of the Stuxnet virus causing problems than other countries.
Symantec further clarifies that Stuxnet targets only frequency drives from these two companies when the drives are running at high speeds, between 807Hz and 1210Hz. Though Symantec does not definitively say that Stuxnet was designed to target nuclear facilities, it does point out that “frequency converter drives that output over 600Hz are regulated for export in the United States by the Nuclear Regulatory Commission, as they can be used for uranium enrichment.”
To see the entire article from Kim Zetter, follow this link: http://arstechnica.com/tech-policy/news/2010/11/clues-suggest-stuxnet-virus-was-built-for-subtle-nuclear-sabotage.ars