Duqu: Son of Stuxnet?

Sue Marquette Poremba

Recent headlines sound like something from an old Japanese horror movie: "Son of Stuxnet." But truthfully, this new Trojan, called "Duqu," could be a lot more dangerous than Godzilla. Duqu has identical code to Stuxnet (which is why some are referring to it as "Stuxnet 2.0") and is capable of stealing intelligence data and assets to set up an attack.


Symantec was alerted to the discovery of the new Trojan and announced it on its blog:


Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose. Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

Duqu doesn't self-replicate, Symantec pointed out, and it appears to be a remote access Trojan. The big difference between Stuxnet and Duqu is what they are designed to do: Stuxnet was meant to disrupt control systems, whereas Duqu is after remote access. A McAfee blog post stated that Duqu's purpose may be targeted attacks against sites such as certificate authorities, and it advises those sites to verify whether their systems have been compromised.

Security folks have been warning of another Stuxnet or Stuxnet-like virus that could attack network infrastructure. Stuxnet had a purpose: to shut down an Iranian nuclear facility. What exactly is Duqu designed to do? Security experts know what it can do, but I wonder if there is a specific purpose behind Duqu.

At least it's encouraging that we are talking about this as a discovery before hearing of it doing any damage on a network.

Oct 22, 2011 2:15 AM annewest annewest  says:

Thank you for posting an interesting topic here. A while ago, I also read an article entitled "Duqu virus uses Stuxnet DNA to mine industrial data". In 2010, the computer malware Stuxnet infected nuclear control systems in Iran and it had been profoundly hard for the experts to determine the virus. Recently, a second comparable malware has been discovered, and it was dubbed Duqu. The malware was designed to mine information from European industrial computers. Furthermore, albeit Symantec was the group to research and announce the discovery of Duqu, the institution does not claim to have discovered the virus. Instead, Symantec was alerted to the existence of Duqu by a 'research lab with strong international connections' that wishes to remain anonymous. And here is the thing: the virus is intended to download sensitive information that could be used to launch further, destructive effects! That is totally damaging! I hope that it will be cast away soon!
