SAN FRANCISCO — RSA CONFERENCE 2013 – Researchers at Symantec have identified an earlier version of the Stuxnet malware that shows that the cyberattacks on Iran’s Natanz nuclear plant date back as early as 2005 and targeted another piece of uranium-enrichment equipment.
Symantec found what it calls Stuxnet version 0.5 of the sophisticated cyberweapon among the samples it had collected from the version of the malware that was first discovered in the wild back in July 2010 and was created in 2009. The newly detected version of Stuxnet was in action mainly between 2007 and 2009, according to Symantec.. The cyberweapon malware was reportedly launched by the U.S. and Israel against Iran’s nuclear facility to derail the possible development of nuclear weapons.
“This [version 0.5] was not new in the wild. We looked back through our Stuxnet samples and found a component that didn’t fit,” says Liam O Murchu, manager of North American operations for Symantec Security Technology & Response. After studying the malware more closely, Symantec found it was indeed an older version of Stuxnet, and the security firm has detected a small number of machines around the world infected with the older Stuxnet—albeit dormant infections.
There may even other Stuxnet versions that predate 0.5, because there are signs of activity back in 2005 as well, when the attackers registered domain names for the attacks, O Murchu says. “This may not be first” Stuxnet iteration, he says. “There’s a chance there could be an older version than this.”