The Stuxnet software worm repeatedly sought to infect five industrial facilities in Iran over a 10-month period, a new report says, in what could be a clue into how it might have infected the Iranian uranium enrichment complex at Natanz.
The report, released Friday by Symantic, the Norton antivirus publishers, said there were three waves of attacks.
The team was able to chart the path of the infection because of an unusual feature in Stuxnet that recorded information on the location and type of each computer it infected which allowed the authors of Stuxnet to know if they had successfully reached their intended target.
By taking samples of Stuxnet they had collected from various computers, the researchers were able to build a model of the spread of the infection. They determined that 12,000 infections could be traced back to just five initial infection points.