New Zealand businesses running computer systems that could become infected with the Stuxnet virus should be "very concerned", says an Australian IT security expert.
The virus - which targets Siemens supervisory control and data acquisition (Scada) systems - was first identified in June.
However, Iranian state media reported on Monday that the virus was mutating and causing widespread damage to industrial equipment in Iran, where 30,000 IP addresses had been infected.
"What was once a theory, in terms of criminals being able to control physical plants and equipment, is now a reality," said Steve Martin, a Sydney-based director at internet security firm Symantec.
Martin said Scada systems were commonly used to control "critical infrastructure" such as pipelines, power plants, oil refineries, dams and manufacturing facilities.
The virus could potentially take over a dam and open its floodgates, he said.
A spokesperson for Mighty River Power, which runs power generating dams on the Waikato River, said its Siemens control systems were not susceptible to the Stuxnet virus.
"We don't run Windows 2000, either, which we understand is the doorway for the virus," the spokesperson said.
Martin said that although 60 per cent of Stuxnet attacks had occurred in Iran, New Zealand companies using systems that could become infected should remain vigilant to the threat.
Most control systems were not connected to the internet, which meant the virus was entering them via USB sticks that had previously been used in infected personal computers, he said.
Martin said companies should take steps to limit the number of people who could gain access to a control system with a USB stick.
It appeared infected PCs simply acted as hosts and were not damaged by the Stuxnet worm, he said.
"The malicious code is sophisticated to a level that we have never seen malicious code written before. We estimate that it has taken up to 10 people more than six months to write. It's quite worrisome."
Martin said the virus had already spread beyond Iran to India, South Korea and Indonesia.
Hamid Alipour, deputy head of Iran's Information Technology Company, was reported as saying those behind the virus' creation would have enjoyed "huge investment" from foreign countries or organisations.
Martin said those who wrote the virus would have required access to expensive control systems to test it.
Iranian officials have denied that the Islamic Republic's first nuclear plant, at Bushehr, was among the installations penetrated by the virus.
A Siemens spokesperson said that upon notification of the virus, the company provided a detection and removal tool for customers within seven days.
"By the beginning of August, Microsoft closed the security breach in the operating system which meant the virus could no longer infiltrate any plant with the updated Microsoft patches."
- additional reporting AFP
Computer virus risk to NZ systems, warns expert