Researchers at Symantec, a leading US cybersecurity firm, have discovered a highly sophisticated computer worm targeting companies in Europe that shares many characteristics with the Stuxnet virus. They have determined that the new program was written by programmers who must have had access to Stuxnet’s source code.
The Stuxnet virus, which had both an attack capability and a spying ability, infected thousands of computers in over 150 countries in 2010. Experts believe the virus was originally designed by “intelligence” elements in the US and Israel, working cooperatively to target and take control of the automated control systems (SCADA) at Iran’s nuclear power and processing facilities.
The new virus, dubbed ‘Duqu’ because it creates files with the file name prefix ‘DQ’, is “primarily a remote access Trojan (RAT), its purpose is to gather intelligence data and assets from entities, such as industrial control system (SCADA) manufacturers, in order to more easily conduct a future attack against another third-party,” the Symantec researchers said. “The attackers are looking for information such as design documents that could help them mount a future Stuxnet-like attack.”
Symantec said that the information Duqu gathers is being sent to a command server in India, but that this gives no likely indication of who launched it or who is accessing the material it finds. Symantec believes Duqu has been targeting a specific number of organisations in Europe as early as December 2010, and that it is designed to remove itself automatically from systems after 36 days. Its precise targets have not been disclosed, but they are believed to include European firms that make the software for controlling power stations and other industrial facilities.
Symantec suspects that Duqu may have been the first in a wave of new Stuxnet-style viruses, and that further sophisticated versions of it with a more aggressive purpose may emerge in the coming months.