US government warns of potential new Stuxnet attack

Department of Homeland Security wonders if publishing its analysis on Stuxnet was so smart after all...

The US government's Department of Homeland Security (DHS) has warned that the Stuxnet virus which attacked Iran's nuclear programme a year ago, could be set for a return.

It admitted that as a result of disseminating so much detail relating to the malcious code, it might inadvertantly have given attackers sufficient information to build their own variants.

In a report published last week, Sean P McGurk and Roberta Stempfley of the DHS' Office of Cyber Security and Communications said: "Looking ahead, the Department is concerned that attackers could use the increasingly public information about [Stuxnet] to develop variants targeted at broader installations of programmable equipment in control systems.

"Copies of the Stuxnet code, in various different iterations, have been publicly available for some time now."

Kurt Baumgartner, a senior researcher at security firm Kaspersky Lab, said that experienced malware authors can be hired by criminals to perform these sorts of attacks on critical infrastructure.

"With the growing public body of knowledge on Stuxnet, the risk increases that these for-hire teams' efforts may be informed by the Stuxnet design."

However, despite being lauded by some for its sophistication, Stuxnet has its critics.

Nate Lawson of security design firm Root Labs said that the worm could have been better at hiding itself.

"Rather than being proud of its stealth and targeting, the authors should be embarrassed at their amateur approach to hiding the payload.

"[Stuxnet] does not use virtual machine-based obfuscation, novel techniques for anti-debugging, or anything else to make it different from the hundreds of malware samples found every day."