New Worm by Creators of Stuxnet Is Suspected

Any research, news or information regarding the wide variety of techniques criminals use to take over your computers or web servers.


Post by MyCanadian Spammerdeath » Tue Oct 18, 2011 10:44 pm

New Worm by Creators of Stuxnet Is Suspected
By JOHN MARKOFF
Published: October 18, 2011


The designers of Stuxnet, the computer worm that was used to vandalize an Iranian nuclear site, may have struck again, security researchers say.

Stuxnet, which infected tens of thousands of computers in 155 countries last year, created an international sensation when experts reported that it was designed as an American-Israeli project to sabotage Siemens Corporation computers used in uranium enrichment at the Natanz site.

The researchers say the new worm, which they call Duqu, is intended to steal digital information that may be needed to mount another Stuxnet-like attack.

The researchers, at Symantec, announced the discovery on the company’s Web site on Tuesday, saying they had determined that the new program was written by programmers who must have had access to Stuxnet’s source code, the original programming instructions.

“Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party,” the Symantec researchers said. “The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.”

They said the Duqu program was found in Europe in a narrowly limited group of organizations, “including those involved in the manufacturing of industrial control systems.”

In contrast to Stuxnet, Duqu has been found in only a handful of organizations to date. The program is designed to last 36 days and then remove itself from the system it infected.

Like Stuxnet, Duqu tries to prove its authenticity by using a stolen digital certificate, this one apparently taken from a Taiwanese company. Symantec officials were able to revoke the security certificate after it was discovered stolen because the company owns the VeriSign authentication service that controls the certificate infrastructure.

The Symantec posting, and a related technical paper, raised a new mystery of its own. The company said it had been alerted to the new malware by a “research lab with strong international connections,” but declined to identify it further or say whether it was governmental or private.

According to Vikram Thakur of Symantec, the organization decided not to come forward because it wanted to protect the identity of the victim organization. The technical paper did include this comment from the team that apparently discovered the malware: “As we are in academia, we have limited resources to analyze malware behavior.”

Mr. Thakur added that in the two days since Symantec had received its initial malware sample, the security firm had received other variants of the program, which also appear to be aimed at makers of industrial control equipment.

The researchers identify a wide variety of similarities between Duqu and Stuxnet and said that the new program could not have been written without having access to the original programmer’s instructions. It has been previously noted that Stuxnet had both an attack capability as well as the ability to spy on the computers it infiltrated.

Security researchers have argued that the Stuxnet attackers were able to gather valuable intelligence information about the Iranian nuclear program as well as damage the control equipment at Natanz.

The Symantec researchers said they had not been able to determine how the Duqu code reached its target. Stuxnet used a wide range of system vulnerabilities, leading to speculation that it could have been written only by an organization with the resources of a national intelligence agency. Mr. Thakur said of Duqu, “This is extremely sophisticated, this is cutting edge.”

Source: http://www.nytimes.com/2011/10/19/techn ... again.html
Only on our site you will find a SPICE under the comprehensible prices!
MyCanadian Spammerdeath
Spammer Exterminator
 
Posts: 1144
Joined: Mon Feb 26, 2007 11:13 pm

Re: New Worm by Creators of Stuxnet Is Suspected

Post by AlphaCentauri » Wed Oct 19, 2011 5:08 am

I don't know the details of Stuxnet, but I wonder how strong the evidence is that it is US-Israeli in origin. Russia also has a good reason not to want a nuclear-armed Iran near its borders or supporting its Muslim terrorists, and we know they have a lot of citizens with experience in writing malware.
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: New Worm by Creators of Stuxnet Is Suspected

Post by MyCanadian Spammerdeath » Wed Oct 19, 2011 4:42 pm

Speculation noted.

Iran used to get most of its nuclear technology and much military materiel from both France and Russia, and French support has waned. So it seems unlikely that any cash-strapped, war-weary government would deliberately try and put itself out of business, but it would be impertinent for me to speculate about that.

Siemens, Israel and the US DoD have all essentially non-denied.

More to the point and somewhat missed by the Times article is the fact that Stuxnet is open source, so there is no way to be certain whether new implementations are asserted by new actors.

http://vimeo.com/25118844
Only on our site you will find a SPICE under the comprehensible prices!
MyCanadian Spammerdeath
Spammer Exterminator
 
Posts: 1144
Joined: Mon Feb 26, 2007 11:13 pm

Re: New Worm by Creators of Stuxnet Is Suspected

Post by AlphaCentauri » Wed Oct 19, 2011 5:50 pm

Russia has been having big problems with Muslim insurgents -- really gut-wrenching hostage situations like that elementary school in Beslan, as well as a recent train bomb. As of 2009, Russia and the US were jointly backing a resolution to stop uranium enrichment in Iran. (Russia had been selling them nuclear materials for reactors that would prevent them needing their own enrichment facilities. The centrifuges would have been used for uranium enrichment.)
http://www.newsobserver.com/2009/11/28/ ... -iran.html
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

