Security Experts:

After Stuxnet Dies, Iran's State Media Calls it a Failure

On June 24, with little fanfare, Stuxnet died. The malware exposed as being a government project aimed at slowing Iran’s nuclear intiatives, stopped replicating. Despite a reported link to a plant shutdown in Iran, the state run media called Stuxnet a failure.

“Stuxnet's mission was to destroy centrifuges, then itself. It is programmed to terminate June 24, 2012 - seven years to the day after Iranian President Mahmoud Ahmadinejad was elected president - a matter likely viewed by the Bush Administration with trepidation given his resolve on nuclear matters. If Stuxnet had succeeded, Iran might be out of the nuclear fuel refining game. It's not. So, is Iran rightly concerned about further cyber intrusions?” the FARS News Agency pondered.

Stuxnet is a project that allegedly started during the Bush Administration, and carried over to the Obama Administration. Based on research, the code itself was designed to do the job and go away. As it turned out, Stuxnet was only one of three programs that show signs of coming from the same development group. Flame and Duqu (discovered after Stuxnet, but developed before and shortly after respectively) also targeted Iran – and media reports link them to the U.S. as well.

Stuxnet was programmed to stop replicating on June 24, and when the larger story of the government’s malware program is examined, the date “probably [indicates] that the attackers were planning to have it long updated by June 1st, 2011 and retired or replaced by June 24th, 2012,” Kaspersky Lab's Costin Raiu wrote.

It isn’t unheard of for malware authors to include removal commands or kill switches. Duqu had a lifespan of just 30-days, and shortly after it’s discovery the controllers of Flame issued a kill command in an effort to remove all traces of its existence.

“We don’t see [planned shutdowns] very often in threats, it’s very unusual,” Liam O Murchu, manager of operations for Symantec Security Response told GCN in an interview. 

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.