From what I have gathered the Stuxnet malware.worm had multiple infection vectors to the attempted target system and attempted to use as many Windows vulnerabilities as possible to get to the target system, even the distribution of USB sticks (maybe even planted throughout Afghanistan, Pakistan, Iraq etc i.e. Central Asia) hoping they would make their way into Iran.

This photo is interesting;



This photo apparently shows a windows screen shot of an actual process plant in operation at the Bushehr nuclear plant. No valid Siemens license is in use. Perhaps the rewriting PLC payload of the Stuxnet malware.worm was obstructed i.e. a valid license was required for remote reconfiguration of the PLC target in question. Perhaps the Iranians were already hand coding the PLCs via the PLC interfaces as a work around and this potentially saved the Bushehr nuclear plant from going bang. The published photo could be a two fingers, up yours response to those who initially created the malware.worm. It may have been quickly discovered by the Iranians and quickly reverse engineered to be sent back to potentially create havoc with other process control system that are used heavily around the rest of the world.

Perhaps its the western countries that are currently paranoid especially if the actual PLCs have been rewritten (apparently the recoding of the PLC is difficult to determine from an intial inspection) even though the actual windows Stuxnet malware.worm has been removed from the SCADA Windows based hub computer/controller.

The other worrying issue is that Western nuclear submarines (the main nuclear deterrent) all have a nuclear plant process systems for their main propulsion systems. Hopefully the USN and RN have a strict security policy with regard to USB sticks/cell phones/digital cameras etc getting on board.