Kaspersky was able to deduce the five companies victimized by Stuxnet because the malware logs the names and addresses of the machines it infects, and the names included clues that led to the names. For example, the name APPLSERVER NEDA was logged for a machine infected July 7, 2009, which likely meant it was an application server within Neda Industrial Group.
Coincidentally, one of the compromised machines at Foolad was named KASPERSKY ISIE. "When we first saw the computer's name, we were very much surprised," says Kaspersky's Gostev. "The name could mean that the initial infection affected some server named after our anti-malware solution installed on the machine."
Sign up for Computerworld eNewsletters.