Data Shows Iran No Longer A Stuxnet Hotspot

ID THREATPOST:CE4168EE9795E797BB2055C9C21699DA
Type threatpost
Reporter Paul Roberts
Modified 2018-08-15T10:22:20


Kaspersky Lab released its malware statistics report for September. Buried among the data on the top malware detected on users’ machines and being pushed from malicious Web sites is an interesting factoid: Iran no longer ranks as a Stuxnet hotspot, while India continues to struggle with the effects of the sophisticated virus.
The data, compiled from systems running Kaspersky’s security software, isn’t authoritative and represents just a slice of infected systems in the countries in question. However, it suggests that Stuxnet – a sophisticated virus that is believed to have been a targeted attack against Iran’s uranium enrichment facilities – is no longer prevalent in that country. India, which has registered the most Stuxnet infections, continues to struggle to eradicate the virus, Kaspersky’s data suggests.

We’ve been hearing for a while that Iran was taking aggressive steps to contain the Stuxnet virus. India has been the epicenter of Stuxnet infections since it was first detected, with Iran the country with the third most infections. The number of reported infections in Iran has steadily decreased during that time. Kaspersky Lab researcher Aleks Gostev wrote on September 26 that Iran was doing a good job cleaning systems infected by the virus. He predicted, then, that the country would soon cease to be one of the centers of the epidemic. Data from Kaspersky’s September report appears to confirm that prediction.

Speaking at the Virus Bulletin Conference in Vancouver last week, researcher Liam O’Murchu from Symantec mostly agreed with reports that Stuxnet was targeted at Iran’s nuclear enrichment facilities and that it was the creation of Israeli intelligence. But researchers, including those from Kaspersky Lab, have also been quick to point out that the exact objectives of those who designed and released the virus are still unknown and mostly a matter of conjecture.

And, for each of the Stuxnet theories, there’s convincing evidence both pro and con, as a recent article on points out. In the end, Iran could have been the target – or just collateral damage. And, as Kaspersky’s data from September suggest, the brunt of Stuxnet infections is being felt in India and Indonesia, as well as other developing countries such as Russia and Afghanistan, rather than Iran.

As Threatpost’s Dennis Fisher makes clear in his recent editorial, debate about Stuxnet’s intended target is largely academic. The virus Stuxnet was a kind of Pandora’s Box: unleashing a storm of new era of sophisticated SCADA-aware malware into the public domain and broadening the scope and ambitions of malware writers beyond Windows servers and desktops to include critical infrastructure of all kinds. That, more than any geopolitical consideration, is likely to be the legacy of Stuxnet.