Security experts reveal Stuxnet worm sibiling Duqu
Source: Dean Wilson
THE INFAMOUS STUXNET COMPUTER WORM that crippled an Iranian nuclear fuel plant last year now has a sibling called Duqu that's already in place on European computers, according to a detailed report by an anonymous research lab.
The virus, named after the DQ prefix it adds to files it creates, is reportedly "very similar to Stuxnet", according to security firm Symantec, which gained access to the report and samples of the virus. "Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose. Duqu is essentially the precursor to a future Stuxnet-like attack."
Symantec revealed that the the Duqu virus is designed to gather industrial control system data, including keystrokes from engineers, in an effort to compile information for a possible further attack some time in the future.
The difference between Duqu and Stuxnet is that the former is mainly a remote access trojan, designed to steal information, and the virus does not self-replicate. Stuxnet, however, affects industrial control systems much more directly, so much so that it can alter their operations in an effort to cause extreme damage, which many experts believe is what happened to Iran's nuclear fuel enrichment systems.
"The creators of Duqu had access to the source code of Stuxnet," Symantec said, according to Reuters. It is widely believed that the US or Israel was behind development of the Stuxnet worm, which means that this could be a follow-up monitoring attempt or perhaps a response from Iran to try to find a rival target to sabotage.
The US Department of Homeland Security said that it is aware of the virus, has issued a public alert, and is working to analyse the worm.
| }
|