I find this interesting. I think it is easy to infect PC based Scada systems. Windoze is a virus magnet. Infecting the scada systems so that they down code to a PLC is something else. This requires knowledge of which scada system and PLC is being used. Frankly, if Siemens gets a black eye for having easy to infect software then good. I know that Rockwell and Delta Computer Systems can't and wouldn't sell stuff to Iran and it pi$$e$ me off that Siemens would.
However, I don't think this was caused by a state or anything so sinister. It is probably a bunch of black hat hackers that are taking advantage of a situation. If I were to write the worm it would have done nothing until the reactors started and created enough power to damage the core. It is possible to create enough damage so that the reactors are not usable without causing any or little external damage.
I still think this is all media hype and their facts are all wrong. I can only wish that our NSA or CIA was half as smart to do these kinds of things but if they can then I think they blew it by not waiting until the reactors started. If so then what incompetent idiots. Oh yeah the same one that protected us from 9/11. FAIL.