Wired: The first sign of the Stuxnet virus wasn’t discovered by computer security researchers. Instead, in January 2010 investigators with the International Atomic Energy Agency noticed that workers at a uranium enrichment plant in central Iran were switching out centrifuges at an incredible rate.
The Stuxnet worm, the world’s first real cyberweapon, was unleashed in June 2009. But it would take a year before the first computer security researcher would stumble across it. This lengthy article tells the story of how those researchers figured out what the malware did.