Good run-down of Stuxnet (PDF), one of the most sophisticated (known) pieces of malware out in the wild.
This is not a thing some bored teenager wrote in his basement, nor is it the usual mafia-sponsored piece of crimeware. This is a state-written cyberweapon.
Of course, the problem with Stuxnet is that, once it’s out there, it’s out there. And its not just Iranian uranium enrichment plants that are feeling the hurt: since Stuxnet’s discovery, literal millions (if not more) of dollars have been poured into trying to remove it from SCADA systems worldwide. That’s power stations and water treatment plants and so on, if you’re wondering. Civilian infrastructure. And yes, code like Stuxnet does, in theory, have the power to cause real-world physical damage (think: city-block levelling explosions). That’s some serious collateral damage.
I’m actually kinda shocked no one’s thought of suing yet.