Jerusalem Post
First came Stuxnet computer virus, now there's Duqu
By REUTERS
10/19/2011 13:35
Computer virus similar to Stuxnet detected in Europe; designed to capture
keystrokes and gain remote access; US issues public alert.
WASHINGTON - First there was the Stuxnet computer virus that wreaked havoc
on Iran's nuclear program. Now comes "Duqu," which researchers on Tuesday
said appears to be quite similar.
Security software firm Symantec said in a report it was alerted by a
research lab with international connections on Friday to malicious code that
"appeared to be very similar to Stuxnet." It was named Duqu because it
creates files with "DQ" in the prefix.
The US Department of Homeland Security said it was aware of the reports
and was taking action.
"DHS' Industrial Control Systems Cyber Emergency Response Team has issued
a public alert and will continue working with the cybersecurity research
community to gather and analyze data and disseminate further information to
our critical infrastructure partners as it becomes available," a DHS
official said.
Symantec said samples recovered from computer systems in Europe and a
detailed report from the unnamed research lab confirmed the new threat was
similar to Stuxnet.
"Parts of Duqu are nearly identical to Stuxnet, but with a completely
different purpose," Symantec said. "Duqu is essentially the precursor to a
future Stuxnet-like attack."
Stuxnet is malicious software that targets widely used industrial
control systems built by German firm Siemens. It is believed to have crippled
centrifuges Iran uses to enrich uranium for what the United States and some
European nations have charged is a covert nuclear weapons program.
Cyber experts say its sophistication indicates that Stuxnet was produced
possibly by the United States or Israel.
The new Duqu computer virus is designed to gather data from industrial
control system manufacturers to make it easier to launch an attack in the
future by capturing information including keystrokes.
"The attackers are looking for information such as design documents that
could help them mount a future attack on an industrial control facility,"
Symantec said.
"Duqu does not contain any code related to industrial control systems and
is primarily a remote access Trojan (RAT)," Symantec said. "The threat does
not self-replicate."
Duqu shares "a great deal of code with Stuxnet" but instead of being
designed to sabotage an industrial control system, the new virus is designed
to gain remote access capabilities.
"The creators of Duqu had access to the source code of Stuxnet," Symantec
said.