Out in the Wild, Government-Created Stuxnet Virus Now Infecting Corporations

Stuxnet on the loose, in the wild

Stuxnet’s command and control. (Krebs On Security)

In Stephen King’s apocalyptic horror novel The Stand, a government-created virus escapes into the wild and kills most of the people on Earth. About two years ago, a similar scenario almost came true–but, fortunately for living creatures the bug was the U.S.-and-Israeli-made Stuxnet malware. The unintended victim was Chevron’s computer network.

Stuxnet was the highly sophisticated worm that successfully infiltrated Iran’s nuclear enrichment plants in 2010. According to The Wall Street Journal, Stuxnet wasted no time infecting friends as well as foes:

Chevron found Stuxnet in its systems after the malware was first reported in July 2010, said Mark Koelmel, general manager of the earth sciences department at Chevron. “I don’t think the U.S. government even realized how far it had spread,” he told CIO Journal. “I think the downside of what they did is going to be far worse than what they actually accomplished,” he said.

As the WSJ’s Rachael King notes, Chevron’s Stuxnet infection was apparently unintentional, “much like an experimental virus escaping from a medical lab.”

It might be premature to say Stuxnet was the cyberweapon equivalent of Stephen King’s fictional Captain Trips virus, since it seems Chevron wasn’t too badly damaged by the infection. But we wouldn’t be surprised if someone were already using that code name for something still in development.

Out in the Wild, Government-Created Stuxnet Virus Now Infecting Corporations