Stuxnet Worm that Struck Iran Nuke Site May be on the Move Again

The Internet Patrol - Patrolling the Internet for You

The worm that infected an Iranian nuclear site, Stuxnet, or something very much like it, may be getting ready to strike again, say researchers. A recently discovered piece of malware dubbed Duqu (for the prefix of its files, ~DQ) is designed to steal information needed to mount another such attack, and to provide remote access to industrial installations such as, well, nuclear plants.

Researchers at Symantec announced today the discovery of Duqu, stating that “Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.”


Duqu first came to their attention when they were alerted by another, international research lab that declined to be named, in order to protect the identity of one of the victim organizations.

According to the Symantec site, “On October 14, 2011, a research lab with strong international connections alerted us to a sample that appeared to be very similar to Stuxnet. They named the threat “Duqu” [dyü-kyü] because it creates files with the file name prefix ‘~DQ’.”

The Symantec researchers add that “Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.”


They also note that it is designed to run for 36 days, and then to remove itself from the target system. Why 36, nobody has yet posited.

Perhaps most disturbingly, unlike the original Stuxnet, Duqu is not designed to sabotage the industrial system it infects. Instead, it is designed to provide remote control access. Think about that when you consider Stuxnet’s last high-profile target: the Iranian nuclear plant.


One thought on “Stuxnet Worm that Struck Iran Nuke Site May be on the Move Again”

  1. Just a fun speculation, but:
    The Stuxnet worm was widely rumored to be of either Israeli or joint American/Israeli origin. Now, in Hebrew, letters can also represent numbers. The two Hebrew letters that form the word “chai,” meaning life, also add numerically to 18. For this reason, the number 18 is considered by some Jews to be lucky. Gifts of money, or donations to charity, are often given in multiples of chai.
    So, Stuxnet was lucky the first time; Duqu may be the second coming of Stuxnet, ergo double chai, which of course is 36.
