Will We See More Relatives of Stuxnet in the Near Future?

Sue Marquette Poremba

When the Duqu Trojan made its appearance, many people in the security industry believed it was related to the Stuxnet Trojan. Now, after confirmation from Kaspersky Lab that the same team did, indeed, create both pieces of malware, the question is this: Will we see more Stuxnet relatives in the coming months?

The answer is most likely yes. According to the Kaspersky Lab blog:


According to Kaspersky Lab's experts' version, the cybercriminals behind Duqu and Stuxnet create a new version of the driver several times a year, which is used for loading the main module of the malicious program. Before planned new attacks, several parameters of the driver are changed with the help of a special program, for example the registry key. Depending on the task, such a file can also be signed with a legal digital certificate, or remain without a signature at all.

The original platform, dubbed "Tilded," was probably developed long before Stuxnet made its public debut and has been used more actively than originally thought. In fact, it is believed that the team who built the toolkit was creating models as early as 2007, and that there have been at least three other projects besides Stuxnet and Duqu.

Problem is, we still don't know who is responsible for developing the malware. An article in Dark Reading pointed out speculation that the U.S. and Israel are behind it as a way to stop Iran's nuclear program. That's a scary thought. Yet, Dark Reading also added this:

Don Jackson, senior security researcher at Dell Secureworks, says while Kaspersky's new research basically reinforces his theory that Stuxnet and Duqu were written with the same kit, it doesn't prove they were written by the same authors. He argues that code-sharing is not as effective in attribution in malware nowadays due to the wide availability of crimeware kits. "You need to focus more on the operational parameters," he says. "What was in common with the two is that they were generated by the same kit. Now we have a name for that kit," Jackson says.

My next questions are: Now that we have a name for the kit, do we have the ability to combat it? And will the Kaspersky research lead to technology that will prevent an attack from a Stuxnet relative before it strikes?
