A highly sophisticated computer worm that has spread through Iran, Pakistan, India and Indonesia was built to destroy operations at one target: possibly Iran's Bushehr nuclear reactor, according to US media reports. That's the emerging consensus of computer security experts who have examined the Stuxnet worm. The highest concentration of affected systems -- almost 60 percent -- is in Iran, according to data from Symantec Corporation, the computer-security software maker. The worms sophisticated programming and ability to hide itself suggest it may have been built by a government-sponsored organization in a country such as the U.S. or Israel, said Frank Rieger, technology chief at GSMK, a maker of encrypted mobile phones. He estimated that building the worm cost at least $3 million and required a team of as many as 10 skilled programmers working about six months. All the details so far to me scream that this was created by a nation-state, Rieger said in an interview with Bloomberg News. Irans nuclear facilities may have been targets, said Rieger and Richard Falkenrath, principal at the Chertoff Group, a Washington-based security advisory firm. Iran, which has the worlds second-largest oil reserves, is under United Nations sanctions because it has refused to curtail uranium enrichment and the development of ballistic missiles that might carry a weapon. The country started a 1,000-megawatt nuclear-power reactor near the city of Bushehr in August. It is theoretically possible that the U.S. government did this, Falkenrath said during an interview today with Bloomberg Television. But in my judgment, thats a very remote possibility. Its more likely that Israel did it. A message left at the Israeli embassys press office wasnt immediately returned. The U.S. Department of Homeland Security, which is studying the worm, hasnt identified its origins, a spokeswoman said. The worm initially infects computers running several editions of Microsoft Corp.s Windows, including older versions such as Windows 2000, and recent ones such as Windows 7, using one of four vulnerabilities known only to the worms creators, said Liam Murchu, manager of North American security-response operations for Mountain View, California-based Symantec. It hides in Windows and then tries to spread itself to other computers running Windows, Murchu said. An infected computer shows no ill effects and the worm ensures that no software crashes, which is unusual, he said. As it spreads, the worm searches for connections to a device known as a programmable logic controller, which helps link Windows computers and computerized industrial-control systems, converting commands sent from the Windows machine into a format the industrial machines can understand. The worm targets industrial software made by Munich-based Siemens AG, researchers said. Once an industrial machine is infected, the worm lies dormant until certain conditions in the machine are met, Murchu said. For example, when the temperature of a certain component gets hot, the worm might prevent a cooling system from functioning. What conditions the worm waits for are unclear, he said. 'It was designed to go after a specific system set up in a very specific way, Murchu said. What we dont yet know is where such a system exists in the real world. Symantec estimated in July that 14,000 individual computers connected to the Internet worldwide had shown signs of Stuxnet infections. The highest concentration -- 59 percent -- were in Iran; 18 percent were in Indonesia; 8 percent in India and less than 2 percent in the U.S. Siemens learned of the worm in July and issued software within a week to detect and remove it, said Alexander Machowetz, a company spokesman in Erlangen, Germany. The fix was downloaded 12,000 times, and 15 customers said they were affected. No new cases of Stuxnet infections have been reported since the end of August, and Siemens was not able to determine the worms country of origin, Machowetz said. The U.S. Department of Homeland Security has been running the worm on test systems to monitor its patterns since July, said Amy Kudwa, a department spokeswoman. Preventing the Spread The focus is one of mitigating and preventing the spread, she said. It is the first malware we have seen that specifically targets control systems. While the department hasnt concentrated on tracking the origins, we cannot validate the claims of attribution, Kudwa said.