Siemens has issued a fix for the software loopholes used by the notorious Stuxnet worm.
Stuxnet was discovered in 2010 after investigations into malfunctions at many industrial plants and factories.
Iran’s nuclear enrichment efforts were hit hard by Stuxnet which targeted the devices that control delicate industrial processes.
The fix comes as reports circulate of a fresh cyber attack on Iranian nuclear enrichment project.
Stuxnet exploited loopholes in the software Siemens wrote to oversee the running of its programmable logic controllers – devices used in many industrial facilities to automate a production process.
Siemens has issued a fix for the software loopholes used by the notorious Stuxnet worm
When a controller was infected with Stuxnet it made the motors it was typically connected to run out of control and burn out. This is believed to have been behind Iran’s need to replace many of the centrifuges it was using in its Natanz uranium enrichment plant.
Siemens has issued advisories saying it has updated the Simatic code in the controllers to remove the loopholes.
It is not yet clear who created Stuxnet, but security researchers say it is so complex and tightly targeted that only a nation would be able to marshal the resources to put it together.
Stuxnet is just one of several similar malicious programs created to attack industrial control systems.
Experts speculate that many were made to slow down and disrupt Iran’s nuclear production processes.
Iran has regularly denied that the viruses have hit its nuclear programme.
The Siemens update comes as security firm F-Secure received an email believed to have been sent by a scientist working at Iran’s Atomic Energy Organization.
In the message, the scientist said its plants at Natanz and Qom have been hit again by a worm.
Top F Secure security researcher Mikko Hypponen said it had not been able to confirm any of the details in the message. However, digital detective work did reveal that the message had come from within the Atomic Energy agency.
On July 23, Iran issued a statement saying it had successfully “confronted” sophisticated malware and thwarted all the cyber attacks against the nation’s infrastructure.
Reza Taqipur, Iran’s minister of communication and information technology, said it was sometimes hit by as many as two million cyber attacks a day, but its ability to deal with them was growing daily.
Researchers have found that the teams responsible for the Flame and Stuxnet cyber-attacks worked together in the early stages of each threat’s development.
Flame, revealed last month, attacked targets in Iran, as did Stuxnet which was discovered in 2010.
Kaspersky Lab said they co-operated “at least once” to share source code.
“What we have found is very strong evidence that Stuxnet/Duqu and Flame cyber-weapons are connected,” Kaspersky Lab said.
Alexander Gostev, chief security expert at the Russian-based security company added: “The new findings that reveal how the teams shared source code of at least one module in the early stages of development prove that the groups co-operated at least once.”
Researchers have found that the teams responsible for the Flame and Stuxnet cyber-attacks worked together in the early stages of each threat's development
Vitaly Kamluk, the firm’s chief malware expert, said: “There is a link proven – it’s not just copycats.
“We think that these teams are different, two different teams working with each other, helping each other at different stages.”
The findings relate to the discovery of “Resource 207”, a module found in early versions of the Stuxnet malware.
It bears a “striking resemblance” to code used in Flame, Kaspersky said.
“The list includes the names of mutually exclusive objects, the algorithm used to decrypt strings, and the similar approaches to file naming,” Alexander Gostev said.
Recently, a New York Times investigation – based on an upcoming book – singled out the US as being responsible for Stuxnet, under the direct orders of President Barack Obama.
The report said the threat had been developed in co-operation with Israel.
No country is yet to publicly take responsibility for the attack.
Speaking about Flame, a spokesman for the Israeli government distanced the country from involvement following an interview in which a minister seemed to back the attacks.
“There was no part of the interview where the minister has said anything to imply that Israel was responsible for the virus,” the spokesman said.
Last week, the UN’s telecommunications head Dr. Hamadoun Toure said he did not believe the US was behind Flame, and that reports regarding the country’s involvement in Stuxnet were “speculation”.
Prof. Alan Woodward, a security expert from the University of Surrey, described the findings as interesting – but not yet a clear indicator of who was behind the attacks.
“The fact that they shared source code further suggests that it wasn’t just someone copying or reusing one bit of Stuxnet or Flame that they had found in the wild, but rather those that wrote the code passed it over,” he said.
“However, everything else still indicates that Flame and Stuxnet were written designed and built by a completely separate group of developers.
“At the very least it suggests there are two groups capable of building this type of code but they are somehow collaborating, albeit only in a minor way.”
