A relative of Stuxnet, one of the most complex and potentially menacing computer worms ever created, has impacted five Europe-based manufacturers of industrial control systems.
But this malware, dubbed Duqu, is not quite the son of Stuxnet, researchers said.
"It's not doing any type of cyber sabotage like Stuxnet did," Symantec security technology and response director Kevin Haley said.
"It's really at the reconnaissance phase."
Duqu was first discovered by an unnamed research group that shared the information with vendors.
Later research found that it contained Stuxnet code designed to invade industrial control systems.
Stuxnet, discovered in June last year, was considered one of the most advanced pieces of malware ever written. It contained four zero-day exploits and crippled Iran's uranium centrifuges.
Symantec researchers examined two variants of Duqu.
Once on a machine, the strains download a remote access tool, which allows the malware to take control of the computer and begin communication with a command-and-control hub.
In the case of one of the variants studied, it installed an "Infostealer" trojan, designed to record keystrokes and map networks. Duqu is customised to delete itself after 36 days, Haley said.
The exploit code, according to McAfee researchers Guilherme Venere and Peter Szor, mimicked Stuxnet in its encryption keys and drivers.
Like Stuxnet, the threat uses a driver file signed with a legitimate digital certificate, in this case issued by Taiwan-based C-Media Electronics, according to F-Secure.
Researchers were still unclear how the malware initially infected a target machine, and how it propagated.
"What it's accomplishing is not sophisticated," Haley said. "It's pretty straightforward. [But] the underlying code itself, some of that code is from Stuxnet, and the Stuxnet code itself is very complex and sophisticated...It's very typical for malware authors to reuse code."
"This is no different. They felt pretty comfortable the people they were targeting, whatever security they were using, would not discover the code."
Although the origin of Stuxnet, meant to sabotage Iran's nuclear power program by targeting Siemens software, has never been determined, it is widely believed to have originated in the US or Israel.
This article originally appeared at scmagazineus.com