Stuxnet — the most important malware we've seen in ages — has some interesting features when you look at it from a forensic viewpoint. For example, whenever it infects a new system, it records the date & time and some system information about the computer it just infected.
Which makes it possible to create a timeline of how Stuxnet spread.
We shared all Stuxnet samples we had collected with Symantec. Overall, they were able to collect more than 3000 unique samples from multiple security vendors.
Then they cross-references the samples to dig up some interesting facts. Such as:
• Stuxnet was a targeted attack on five different organizations. • They were targeted in June 2009, July 2009, March 2010, April 2010, and May 2010. • All targeted organizations have a presence in Iran.
You can find more information from their blog post.