Duqu Trojan a precursor to next Stuxnet, Symantec warns
New malware shares Stuxnet code, targets makers of industrial control systems
Computerworld - Security vendor Symantec is warning of a new malware threat that it says could be a precursor to the next Stuxnet.
The new threat, dubbed W32.Duqu, is a remote access Trojan (RAT) that appears to have been written by the authors of Stuxnet, or at least by someone who has access to Stuxnet source code, Symantec said in a report released today.
"We have confirmed Duqu is a threat nearly identical to Stuxnet, but with a completely different purpose," Symantec said.
Duqu's purpose is to steal data from manufactures of industrial control systems that can then be used to craft attacks against entities using such systems, Symantec warned.
Symantec's analysis shows that the Trojan is "highly targeted" at a limited number of organizations, said Kevin Haley, director of product management.
Though Duqu uses a lot of the same code as Stuxnet, its payload is completely different, Haley added.
While Stuxnet is designed to sabotage industrial control systems, Duqu is simply a Trojan with remote access capabilities that appears to have been created specifically to gather information about industrial control systems.
News of the new Trojan is sure to reinforce concerns about targeted cyberattacks against the industrial control systems used in critical infrastructures, such as power plants, water treatment facilities and chemical plants.
The Stuxnet worm, which some security researchers call the most sophisticated malware program ever written, has affected industrial control systems in many countries, including and especially Iran.
The worm is noteworthy as the first piece of malware known to have morphed into physical destruction of a resource,
Attackers have used Duqu to install keystroke loggers and network enumerators for stealing information that can be used in future attacks, Haley said. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control system.
Haley said that Duqu has been used to carry out attacks against a handful of European companies that manufacture industrial control systems.
In at least one case, the attackers were unsuccessful in their attempts to steal such data. But information is not yet available on all cases where Duqu has been used to launch an attack, Symantec said.
Symantec said it received a sample of the new malware on October 14 from what it described as "research lab with strong international connections." Symantec has so far analyzed two variants of Duqu and recovered additional variants from an organization in Europe that it didn't identify.
Attacks using Duqu and its variants may have been going on since last December based on a review of file-compilation times, Symantec said.
Duqu cannot replicate or propagate on its own, Haley said. It is configured to run for 36 days after which it removes itself from the infected machine.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts