The report, authored by security researchers Nicolas Falliere, Liam O
Murchu, and Eric Chien, cited 12,000 infections in Iran from Stuxnet, Middle East Newsline reported.
All of these infections were traced to five initial infection points.
The researchers were able to trace Stuxnet targets because the worm
recorded information on each infected computer. The report did not identify
the
domain names of the infected Iranian computers or the initial targets.
Up to four versions of Stuxnet were believed to have been written, the
report said. Stuxnet was said to have arrived in Iran either through an
infected
e-mail or a hand-held USB device that carried the attack code, which itself
suggested May 9, 1979, a significant date in Iranian history.
"While on May 9, 1979 a variety of historical events occurred, according
to Wikipedia 'Habib Elghanian was executed by a firing squad in Teheran
sending shockwaves through the closely knit Iranian Jewish community,' " the
report said. " 'He was the first Jew and one of the first civilians to be
executed by the new Islamic government. This prompted the mass exodus of the
once 100,000 member strong Jewish community of Iran which continues to this
day..' "
Iran has blamed Israel and the United States for Stuxnet. Media reports
have cited cooperation between Israel and the United States in the testing
of Stuxnet.
"Symantec cautions readers on drawing any attribution conclusions," the
report added. "Attackers would have the natural desire to implicate another
party."
Stuxnet was said to have knocked out up to 1,000 gas centrifuges at the
uranium enrichment facility at Natanz. The report said Stuxnet contained two
attack modules that targeted the centrifuges.
"Thus, Stuxnet sabotages the system by slowing down or speeding up the
motor to different rates at different times," the report said.