“The amount of unique identifiers basically equals to unique Stuxnet infections; it is safe to say that in 2013 and 2014 there were at least 153 distinct infected machines with Stuxnet,” Kleissner says in the paper Internet Attacks Against Nuclear Power Plants [PDF].
“It is inevitable that existing malware infections lower the overall security of the particular machines and the entire networks and therefore make it easier (or possible at all) for anyone else to intrude the system.”
Kleissner says the remaining infections are divided between India (23 percent), Indonesia (eight percent), and Saudi Arabia (seven percent).
The botnet wrangler had nabbed two command and control servers used in Stuxnet allowing him to gain insight into the active infections.
The infected boxes appear to be isolated puppets no longer being controlled by the United Statesattackers, but are nonetheless exposed to hijacking by anyone in control of those servers.
Who could possibly be controlling these remaining slaves and to what end?