Military Space News

More 'Stuxnet' cyberattacks feared
by Staff Writers
Mountain View, Calif. (UPI) Oct 20, 2011


The makers of a computer virus aimed at disabling Iran's nuclear facilities appear to be back in Europe with a precursor to a new attack, U.S. experts say.

The attacks by the malware named Stuxnet in 2009 and 2010 were responsible for disabling the controls of industrial equipment used at the Iranian nuclear research site at Natanz -- causing problems for its centrifuges, President Mahmoud Ahmadinejad confirmed last year.

Now, industrial computers in Europe are being infected with a "Trojan horse" software bug similar to Stuxnet that is likely the precursor to a new attack, the U.S. computer security company Symantec said.

Liam O Murchu, a Symantec security supervisor, wrote on his official blog that European researchers had provided him with examples of a malware dubbed "Duqu," which contains sections that are nearly identical to Stuxnet and appears to have been written by the same authors.

"The real surprising thing for us is that these guys are still operating," he told Wired magazine. "We thought these guys would be gone after all the publicity around Stuxnet. That's clearly not the case.

"They've clearly been operating over the last year. It's quite likely that the information they are gathering is going to be used for a new attack. We were just utterly shocked when we found this," he added.

The Stuxnet worm represented a new threat level -- experts said it was the first discovered to be built for spying on and subverting industrial systems. It was also the first to contain a programmable logic controller in its malicious code payload.

It attacked industrial control equipment made by the German manufacturer Siemens between June 2009 and May 2010, taking aim at specific organizations in Iran on three occasions. It infected Natanz and four other Iranian industrial facilities, The New York Times reported.

The newspaper in January said Israel had set up an array of centrifuges in an elaborate mock-up of a suspected Iranian uranium enrichment site -- something that would have been needed to provide the sophistication for programming the Stuxnet malware.

The purpose of the new Duqu malware, O Murchu said in his blog post, is to "gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party."

The attackers, he said, "are looking for information such as design documents that could help them mount a future attack on an industrial control facility."

Duqu isn't a self-replicating worm like Stuxnet, but a "Trojan horse" information-stealer that could record keystrokes and gain other secret system information.

"The attackers were searching for assets that could be used in a future attack," O Murchu said.

The security expert declined to say which European countries were attacked with the Duqu malware but did tell Wired they hadn't been grouped in any specific geographical target. He warned that could change quickly if more variants of the virus are found.

Guilherme Venere and Peter Szor of the U.S. computer security firm McAfee Labs wrote this week that there's no doubt the Duqu malware has the same authors as Stuxnet.

"The Stuxnet worm utilized two 'stolen' digital certificates belonging to two companies from Taiwan, which operated in the same business district," they wrote on their blog, while the new malware "was signed with yet another key belonging to the company Cmedia, in Taipei.

"It is highly likely that this key, just like the previous two, known cases, was not really stolen from the actual companies but instead directly generated in the name of such companies at a (commercial certificate authority) as part of a direct attack," they said.


US security firm warns of new Stuxnet-like virus
Washington (AFP) Oct 19, 2011 - US security firm Symantec has warned of a new computer virus similar to the malicious Stuxnet worm believed to have preyed on Iran's nuclear program.

Symantec said Tuesday that the new virus, dubbed "Duqu" because it creates files with the file name prefix "DQ," is similar to Stuxnet but is designed to gather intelligence for future attacks on industrial control systems.

"The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered," Symantec said on its website.

"Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party.

"The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility."

Symantec said the virus had been aimed at "a limited number of organizations for their specific assets," without providing further information.

The company said it had been alerted to the threat on October 14 by a "research lab with strong international connections."

Stuxnet was designed to attack computer control systems made by German industrial giant Siemens and commonly used to manage water supplies, oil rigs, power plants and other critical infrastructure.

Most Stuxnet infections have been discovered in Iran, giving rise to speculation it was intended to sabotage nuclear facilities there. The worm was crafted to recognize the system it was to attack.

The New York Times reported in January that US and Israeli intelligence services collaborated to develop the computer worm to sabotage Iran's efforts to make a nuclear bomb.

Tehran has always denied it is seeking nuclear weapons.




The content herein, unless otherwise known to be public domain, are Copyright 1995-2011 - Space Media Network. AFP and UPI Wire Stories are copyright Agence France-Presse and United Press International. ESA Portal Reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network.