About these ads
Home > Cyberwar, Security > Back to The Future of Stuxnet

Back to The Future of Stuxnet


While the U.S. and U.K. are debating whether to use Cyberwarfare, someone, somewhere, has decided not to waste further time and has anticipated them, developing what appears to be a precursor of Stuxnet 2.0. In a blog post, Symantec explains how it came across the first samples of the malware thanks to a research lab with strong international connections, which, on October 14 2011, alerted the security firm to a sample that appeared to be very similar to Stuxnet.

The brand new threat has been dubbed “Duqu” [dyü-kyü] because it creates files with the file name prefix “~DQ”, and has been discovered in some computer systems located in the Old Continent. After receiving and analyzing the samples, Symantec has been able to confirm that parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.

Unlike its infamous predecessor Duqu does not target ICS but rather appears to be a RAT developed from the Stuxnet Source Code, whose main features may be summarized as follows (a detailed report is available here):

  • The executables [...] appear to have been developed since the last Stuxnet file was recovered.
  • The executables are designed to capture information such as keystrokes and system information.
  • Current analysis shows no code related to industrial control systems, exploits, or self-replication.
  • The executables have been found in a limited number of organizations, including those involved in the manufacturing of industrial control systems.
  • The exfiltrated data may be used to enable a future Stuxnet-like attack.
  • Two variants were recovered [...], the first recording of one of the binaries was on September 1, 2011. However, based on file compile times, attacks using these variants may have been conducted as early as December 2010.

Of course this event rises inevitably many security questions: although cyberwar is actually little more than a concept, cyber weapons are a consolidated reality, besides it is not clear if Duqu has been developed by the same authors of Stuxnet, or worst by someone else with access to the source code of the cyber biblical plague (and who knows how many other fingers in this moment will be coding new threats from the same source code).

Anyway one particular is really intriguing: only yesterday the DHS issued a Bulletin warning about Anonymous Threat to Industrial Control Systems (ICS), not event 24 hours after the statement a new (potential) threat for ICS appears in the wild… Only a coincidence?

About these ads
  1. October 19, 2011 at 4:16 am

    There has been this drumbeat of warnings about cyber war. Is someone building a case to increase hostilities?

  1. October 21, 2011 at 6:54 pm
  2. November 2, 2011 at 8:06 pm
  3. December 26, 2011 at 3:16 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 3,091 other followers