Symantec says its research shows that Stuxnet malware is not only controlled via a command and control infrastructure, but can also spread via a peer-to-peer communications channel, reports InformationWeek. Symantec's Liam O Murchu explains:
Infected machines contact each other and check which machine has the latest version of the threat installed. Whichever machine has the latest version transfers it to the other machine and in this way the worm is able to update itself without contacting a central command and control server.
As researchers study the worm, they are discovering more and more. Security experts now believe that Stuxnet was built to specifically target Iran's Bushehr nuclear reactor, according to Computerworld. This theory stems from research by Ralph Langner, a well-respected expert on industrial systems security, which shows that Stuxnet actually looks for very specific settings in Siemens software systems, and then injects its own code into that system. Langner says that attack is complex, which means the target "must be of extremely high value to the attacker."
Iran's Bushehr reactor is currently under construction. But Computerworld notes that Bushehr experienced delays last year, just months after Stuxnet is thought to have been created. And perhaps more importantly, it uses the Windows-based Siemens PLC software that Stuxnet targets.