It's a computer superworm called Stuxnet. It's apparently capable of causing nuclear power plants or pipelines to blow up and it's believed to have been created by Israel to disable Iran's nuclear programme.
Stuxnet, however, may have a blowback effect and it's got top computer security wizards in knots. According to National Public Radio, Stuxnet was the hot topic at yesterday's Virus Bulletin conference in Vancouver. The conference was organized by Symantec (Norton antivirus) whose experts have been analyzing Stuxnet for weeks:
Eric Chien, technical director at Symantec's Security Response Unit, says he and his colleagues have been stunned by what they've found. "I've been dealing with malicious code threats for 15 to 20 years now, I've seen every large sort of outbreak, and we've never seen anything like this," Chien says. "It's fundamentally changed our job, to be honest."
That's because studying a computer worm designed to sabotage a power plant or gas refinery is a far cry from thinking about some virus engineered by a lone hacker.
"It changes the urgency at which we have to analyze these threats and understand them and make sure that people who are affected know they are affected and how to get themselves cleaned up," Chien says.
The Symantec researchers say the Stuxnet worm was designed by a well-funded, well-organized group, perhaps affiliated with a government. They're convinced it was meant to target facilities in Iran. The worm was apparently designed to penetrate and take over the computerized control system used in nuclear plants there.
But it's becoming clear that the repercussions may go far beyond Iran.
"Now that it's released, numerous other people will take that and go, 'aha,' " says Stephen Spoonamore, a veteran cybersecurity consultant who has spent years pursuing hackers. He thinks some other group may now be able to take the Stuxnet computer code and modify it slightly to create its own cyber superweapon.
Spoonamore says it probably would have been better if Israel had simply bombed Iran's nuclear facilities. "Compared to releasing code that controls most of the world's hydroelectric dams or many of the world's nuclear plants or many of the world's electrical switching stations? I can think of very few stupider blowback decisions."