‘Stuxnet-Like’ Virus making the rounds

Security researchers on Tuesday issued a warning about a virus, dubbed Duqu, that’s similar in nature to the Stuxnet worm that targeted Iranian critical infrastructure last year.

International researchers alerted Symantec about Duqu last week and Symantec found that “parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose”—information gathering rather than system sabotage.

Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

According to our security alerts, Duqu is a “precursor to a future Stuxnet-like attack” and was authored by the same people as Stuxnet, or at least by those who had access to Stuxnet source code.

At this point, however, Duqu does not appear to contain any code that singles out any particular industrial control system (ICS); it’s primarily a remote access Trojan (RAT). It appears as though the perpetrators are targeting a limited number of organizations, but it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.

The fact that Duqu creators have the Stuxnet source code is troubling. Stuxnet source code is not out there. Only the original authors have it.

Advertisements

About SCB Enterprises
System Solutions and Integration

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: