Symantec is studying what it thinks could be the next Stuxnet.
A Symantec spokesman emailed me to say researchers are analyzing a newly discovered "targeted threat that shares a great deal of code in common with the infamous Stuxnet malware." The authors of this new threat, named Duqu, apparently had access to the Stuxnet source code, not just its binaries. "Thus, it is possible Duqu was created by the same attackers that created Stuxnet," the spokesman said.
From what researchers can tell, Duqu's mission is to gather intelligence data and assets from entities like industrial control system manufacturers, to more easily conduct a future attack against another third party.
"The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility. Thus, Duqu is essentially the precursor to a future Stuxnet-like attack," the spokesman said.
More from the Symantec Security Response blog:
Key points are:
• Executables developed after Stuxnet using the Stuxnet source code have been discovered.
• The executables are designed to capture information such as keystrokes and system information.
• Current analysis shows no code related to industrial control systems, exploits, or self-replication.
• The executables have been found in a limited number of organizations, including those involved in the manufacturing of industrial control systems.
• The exfiltrated data may be used to enable a future Stuxnet-like attack.
We'll post more details as they become available.