phaseolus: I design and program industrial control systems and PLCs for a living, so this is probably the most interesting news story Fark's pointed me to so far this year.

fta: "Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control..."

That debunks my first thought, which was "how do we know this isn't just Rockwell Software behaving badly?"

It's a curious puzzle. Since PLC code's generally custom-written by an engineer for a particular machine/plant/whatever, how's it even possible for the worm to identify the process it wants to mess with? Or, why doesn't it already know where to look, why is it resorting to searching every box around the world?

Reusable code for PLCs isn't totally unknown. Controls vendors often write application-specific code for various purposes that engineers can drop in and customize a little, though "nuclear reactor control" seems like a market that's a little small to make it worthwhile for Siemens to write prepackaged code, though I could be wrong.

My best guess -- the targets of this worm became known either when they a.) purchased some control software/hardware from Siemens or a systems integrator or b.) tried to get applications help when they started up their evil-scheme-inator. They gave just enough info to the vendor to arouse suspicion, and kept too many secrets. Word got around at the Sales office/Integrator/Tech Support desk about the crazy angry frantic customer with the funny accent who demanded answers but wouldn't give any details about what sounded like a uranium enrichment centrifuge or something, and someone contacted an intelligence agency. Hence how the malware developers know which code to look for.

But that's just a guess.