According to researchers at Symantec (http://search.techworld.com/tag/victim), they've identified an early version of the Stuxnet worm that was created in June 2009, and that the malicious software was then made much more sophisticated in the early part of 2010. This earlier version of Stuxnet acts in the same way as its current incarnation - it tries to connect with Siemens control systems and steal data - but it does not use some of the newer worm's more remarkable techniques to evade antivirus detection and install itself on Windows systems. Those features were probably added a few months before the latest worm was first disclosed in late July 2010.
Where was DOE, DHS, US CERT, Siemens, etc to inform industry in mid-2009 or even early 2010? This certainly points out another reason why the IT and ICS communities need to work closer together. I have more questions about what is happening with Stuxnet as many of the answers to date do not make sense to me.
Joe Weiss
