New cyber weapon detected in Europe – from the ‘authors’ of Stuxnet worm that attacked Iran’s nuclear plant
By Rob Waugh
19th October 2011
The Stuxnet worm marked a sinister new stage in the evolution of cyber-weapons – it was designed to cause physical damage to industrial systems, specifically Iran’s Busehr nuclear plant.
Now highly similar software has been detected in Europe, said researchers at security firm Symantec.
The software, named Duqu, is so similar Symantec said, ‘The threat was written by the same authors (or they have access to Stuxnet’s code).’
Many observers thought that the sophistication of Stuxnet would have required the resources of a nation to design. Others suspected it was produced by the U.S. or Israel.
Duqu is designed to penetrate industrial systems and send information to its creators. It’s designed to run for 36 days, sending innocent ‘dummy’ images to its creators, then hiding stolen information such as design documents amongst them as it operates.
Unlike Stuxnet, it doesn’t self-replicate inside computer systems – and is seen as a ‘precursor’ to an attack designed to cause physical or financial damage.
Symantec says that the detection of Duqu does not mean that the danger is over.
‘The threat was highly targeted toward a limited number of organizations for their specific assets,’ said the security firm in a statement. ‘However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.’