Also on Saturday, the Associated Press (AP) news service said that experts from Iran's nuclear energy agency met last Tuesday to plan how to remove Stuxnet from infected PCs. Citing the ISNA news agency, another Tehran-based organization, the AP said no victimized plants or facilities had been named.
Speculation about Stuxnet's likely target has focused on the Bushehr reactor. Saturday, the Web site of Iran's Atomic Energy Organization included a link to a lengthy Mehr story on Stuxnet .
That story noted that government officials said that "serious damage that caused damage and disablement" had been reported to officials.
Although Bushehr is not yet operational, workers began loading nuclear fuel into the reactor last month.
Stuxnet, called "groundbreaking" by one analyst who pulled apart its code, used multiple unpatched, or "zero-day" vulnerabilities in Windows, relied on stolen digital certificates to disguise the malware, hid its code by using a rootkit, and reprogrammed PLC (programmable logic control) software to give new instructions to the machinery that software managed.
Microsoft has patched two of the four zero-day vulnerabilities exploited by Stuxnet, and has promised to fix the remaining two flaws at some point.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is email@example.com .
Read more about security in Computerworld's Security Topic Center.