By Jim Finkle and Supantha Mukherjee (Reuters) - Indian authorities seized computer equipment from a data center in Mumbai as part of an investigation into the Duqu malicious software that some security experts warned could be the next big cyber threat. Two workers at a web-hosting company called Web Werks told Reuters that officials from India's Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu. News of Duqu first surfaced last week when Symantec said it had found a mysterious computer virus that contained code similar to Stuxnet, a piece of malware believed to have wreaked havoc on Iran's nuclear program.
Stuxnet, which infected tens of thousands of computers in 155 countries last year, created an international sensation when experts reported that it was designed as an American-Israeli project to sabotage Siemens Corporation computers used in uranium enrichment at the Natanz site. The researchers say the new malicious program, which they call Duqu, is intended to steal digital information that may be needed to mount another Stuxnet-like attack. The researchers, at Symantec, announced the discovery on the company’s Web site on Tuesday, saying they had determined that the new program was written by programmers who must have had access to Stuxnet’s source code, the original programming instructions. “Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party,” the Symantec researchers said.
We’ve heard about the malware Stuxnet being responsible for single-handedly shutting down the Iranian nuclear program. Now a variant of Stuxnet has been found in undisclosed European industrial sites. This variant is known as Duqu and it’s thought to be a precursor to a cyber attack.
In 2010, the Stuxnet malware gained global notoriety as a weapon of cyberwar against Iran. A new derivative of Stuxnet, dubbed "Duqu", is now making the rounds, though its purpose and target are not yet known. In a keynote session at the SecTOR conference in Toronto this week, F-Secure security researcher Mikko Hypponen detailed his views on Duqu and the world of online espionage, noting that it is very clear to him that Duqu is not only based on Stuxnet, but was also written by the same people. According to Hypponen, the Stuxnet source code is not floating around the Internet and, as such, for a new piece of malware to be so closely related, it has to come from the same group.
Stuxnet was possibly the most complex attack of this decade, and we expected that similar attacks would appear in the near future. One thing for sure is that the Stuxnet team is still active–as recent evidence has revealed. McAfee Labs received a kit from an independent team of researchers that is closely related to the original Stuxnet worm, but with a different goal–to be used for espionage and targeted attacks against sites such as Certificate Authorities (CAs). How do we know it was the Stuxnet team? To start with, the attacks are targeting CAs in regions occupied by “Canis Aureus,” the Golden Jackal, to execute professional targeted attacks against sites such as small CAs, industry systems, and others. The Stuxnet worm utilized two “stolen” digital certificates belonging to two companies from Taiwan that operated in the same business district.
First of all, we feel it necessary to clarify some of the confusion surrounding the files and their names related to this incident. To get a full understanding of the situation you only need to know that we’re talking about just two malicious programs here (at a minimum): the main module and a keylogger. All that has been mentioned in the last 24 hours about connections between Duqu and Stuxnet relates mostly to the first one, the main module.
A newly discovered piece of malicious code dubbed Duqu is closely related to the notorious Stuxnet worm that damaged Iran’s nuclear-enrichment centrifuges last year. Although it has no known target or author, it sets the stage for more industrial and cyberwar attacks, experts say. “This is definitely a troubling development on a number of levels,” says Ronald Deibert, director of Citizen Lab, an Internet think-tank at the University of Toronto who leads research on cyberwarfare, censorship, and espionage.
19 October 2011, last updated at 08:25 ET
[Image caption: Stuxnet seems to have been designed to target uranium enrichment systems]
Researchers have found evidence that the Stuxnet worm, which alarmed governments around the world, could be about to regenerate.