Researchers Warn of New Stuxnet Worm

Dennis Faas's picture

A security company says a newly discovered piece of malicious software ("malware") appears to be heavily based on the Stuxnet worm. Stuxnet was, as of last year, dubbed the most threatening malware ever created.

However, the new version of this worm appears to be designed for intelligence gathering to make a future attack easier, rather than causing damage.

Stuxnet Virus Attacks Nuclear Reactors

Stuxnet was one of the most sophisticated viruses in recent years.

Although it spread around the world and infected Windows PCs, its main target was industrial control systems in Iran. Once it infected machines there, it appears to have used custom-made code to sabotage equipment in Iran's nuclear program, causing the machines to operate at an unusual frequency until they were seriously damaged.

Security firm Symantec says the new threat is "essentially the precursor to a future Stuxnet-like attack." It says the similarities are so great it was clearly written by the Stuxnet authors or somebody with access to Stuxnet's source code. (Source: symantec.com)

Threat Comes to Light in Hungary

The new threat has been dubbed W32.Duqu, or simply Duqu, a name taken from the fact that some of the files it creates contain the letters DQ.

The name came from the Laboratory of Cryptography and System Security in Hungary, which discovered the threat, though initially its involvement was kept under wraps. It's not clear why this approach was used, though it's possible those involved believed Symantec was better placed to publicize the findings and handle the media interest. (Source: crysys.hu)

Analysis shows Duqu isn't designed to damage equipment in the same way as Stuxnet, but instead uses the same tactics to gain remote access to systems.

Unlike Stuxnet, Duqu does not self-replicate and spread to other machines, suggesting its users are very confident about getting directly to the target. At the moment, Duqu is set to self-destruct after 36 days, though this can be extended remotely.

Advance Intelligence Mission Tool

These findings lead Symantec to conclude that Duqu is more of an intelligence tool than a direct weapon. The aim is not to cause damage as Stuxnet did, but rather to gain more information about how the targets work, making it easier to carry out an attack later.

That may also suggest that the creators lack inside info about how the target equipment operates. That's in contrast to the Stuxnet attacks, where the code was specifically written for the target system, suggesting the attackers had information from its original manufacture.
