Computers in Iran have been hardest hit by a dangerous computer worm that tries to steal information from industrial control systems.
According to data compiled by Symantec Corp., nearly 60 percent of all systems infected by the worm are located in Iran. Indonesia and India have also been hard-hit by the malicious software, known as Stuxnet.
Looking at the dates on digital signatures generated by the worm, the malicious software may have been in circulation since as long ago as January, said Elias Levy, senior technical director with Symantec Security Response.
More from IDG News Service
Siemens: Removing SCADA worm may harm plants
Stuxnet was discovered last month by VirusBlokAda, a Belarus-based antivirus company that said it found the software on a system belonging to an Iranian customer. The worm seeks out Siemens SCADA (supervisory control and data acquisition) management systems, used in large manufacturing and utility plants, and tries to upload industrial secrets to the Internet.
Symantec isn't sure why Iran and the other countries are reporting so many infections. "The most we can say is whoever developed these particular threats was targeting companies in those geographic areas," Levy said.
The U.S. has a long-running trade embargo against Iran. "Although Iran is probably one of the countries that has the worst infections of this, they are also probably a place where they don't have much AV right now," Levy said.
Siemens wouldn't say how many customers it has in Iran, but the company now says that two German companies have been infected by the virus. A free virus scanner posted by Siemens earlier this week has been downloaded 1,500 times, a company spokesman said.
Earlier this year, Siemens said it planned to wind down its Iranian business -- a 290-employee unit that netted 438 million Euros in 2008, according to the Wall Street Journal. Critics say the company's trade there has helped feed Iran's nuclear development effort.