Stuxnet Infected (But Didn't Affect) Chevron Network In 2010 82
Penurious Penguin writes "The Wall Street Journal, in correspondence with Chevron representatives, reveals that back in 2010, Stuxnet reached Chevron, where it managed to infect — but not significantly affect — the oil giant's network. According to a Chevron representative speaking to CNET, the issue was 'immediately addressed ... without incident.' The Stuxnet worm is believed to be the work of the U.S. and Israel, and this report is confirmation that it struck well wide of its intended targets. Chevron's general manager of the earth sciences department, Mark Koelmel, said to CIO Journal, 'I don't think the U.S. government even realized how far it had spread ... I think the downside of what they did is going to be far worse than what they actually accomplished.'"
Payload was specific - Transport, not so much (Score:5, Informative)
The transport used was fairly generic in nature, but since the payload was aimed at a specific controller [wikipedia.org] used on centrifuges its not surprising that it had little effect elsewhere [symantec.com].
Even if that Siemens motor controller was common, its use case in Iran was rather specific, and chances are the payload was pretty specific to exact firmware levels. From Wiki:
While the worm is promiscuous, it makes itself inert if Siemens software is not found on infected computers, and contains safeguards to prevent each infected computer from spreading the worm to more than three others, and to erase itself on 24 June 2012.
Had it been given a shorter life span than two years, chances are it would never have been discovered.
The real risk here is that others have climbed on board this train and are using essentially the same engine for other purposes.