Symantec researchers have discovered a new virus that they say is very similar to the Stuxnet virus that was used to attack Iran's nuclear program.
Like Stuxnet, the new virus--which is known as Duqu and may have been in use since last December--targets industrial command-and-control systems. In addition, much of the code used in Duqu is similar to the code used in Stuxnet.
Both Stuxnet and Duqu also use fraudulent digital certificates, which are purportedly issued by Taiwanese companies. As a result, Duqu must have either been created by the same group that developed Stuxnet or was created by a group that was able to obtain Stuxnet's source code.
However, there are some differences between Stuxnet and Duqu, which creates a backdoor in the systems it infects and connects them to a command computer in India. For example, although Stuxnet was designed to attack the computers used in Iran's nuclear research program, Duqu is not as targeted, and may be designed to collect intelligence such as design documents before an attack on infrastructure computers is launched, Symantec says.
View Full Article
No entries found