Stuxnet: Evidence points to Iran centrifuges as target

New research from Symantec has uncovered evidence that the elusive and sophisticated Stuxnet worm was quite possibly created to target and cripple Iranian centrifuges. The security company wrote in a blog post last Friday that it has narrowed down the target of the malware to just a couple of installations: one in Finland and the other in Iran.

Symantec arrived at this conclusion by studying the unique conditions under which the payload will trigger. In addition, Symantec says that the payload will only target industrial control systems that have frequency converter drives that work at an uncommonly high frequency. Without saying so in so many words, Eric Chien, technical director of Symantec Security Response, wrote: "efficient low-harmonic frequency converter drives that output over 600Hz are regulated for export in the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment."

What is interesting is how Stuxnet was designed to covertly hijack PLC code, causing it to change the output frequency--but only for a limited and irregular period of time. This essentially keeps the target system from working properly, with the intermittency of the change making detection difficult.

For more on this story:
- check out this article at Symantec Connect Blog
- check out this article at The Washington Post
- check out this article at CNET News
