New malware collects data to prepare future attacks, says Symantec
Computer security company Symantec has said that new malicious code that "appeared to be very similar to Stuxnet" has been discovered by a research lab.
The malware creates files with "DQ" in the prefix. It has been dubbed Duqu, Reuters reported.
Like the Stuxnet worm, Duqu also has capabilities to cripple critical systems.
"The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility," Symantec said.
"Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.
"Duqu is essentially the precursor to a future Stuxnet-like attack," Symantec said.
However, Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT), Symantec said. "The threat does not self-replicate."
The US Department of Homeland Security has said it is acting on the reports.
A DHS official told Reuters, "DHS’ Industrial Control Systems Cyber Emergency Response Team has issued a public alert and will continue working with the cyber security research community to gather and analyze data and disseminate further information to our critical infrastructure partners as it becomes available."
Stuxnet is malware that targets control systems built by German firm Siemens. It is believed the Stuxnet virus was originally developed to disrupt Iran’s nuclear programme. Analysis by computer security experts has shown it exploited no fewer than four previously unknown vulnerabilities in Microsoft Windows to take over industrial control systems, making it more sophisticated than any virus seen before.
Once inside a Windows system, the self-replicating code looks for connections to Siemens industrial control systems, exploiting more vulnerabilities in Siemens’ own operating system to make clandestine adjustments to industrial processes.
Stuxnet targeted industrial control systems sold by Siemens that are widely used around the globe to manage everything from nuclear power generators and chemical factories to water distribution systems and pharmaceuticals plants.
Homeland Security and Idaho National Laboratory analysts are trying to find ways to fight the worm.
The origin of the worm is still unknown.
Earlier, Ralph Langner, one of the first researchers to show the working of the sophisticated malware, had said that he believes Mossad is involved, but that the US is the leading source of the worm.
The worm first came to light late last year after studies showed a likelihood that a "nation state" was behind the worm, which was meant to target Iran’s nuclear programme.
In April, Iran claimed that Siemens helped the US and Israel to launch the computer worm Stuxnet against its nuclear facilities.
Though Iran’s uranium enrichment programme is known to have been delayed, Iranian officials have denied that the virus caused any major delays to its nuclear power programme. However, they have admitted that the worm infected staff computers.
Symantec told Reuters that the new Duqu computer virus aims to collect data from industrial control system manufacturers to make it easier to launch an attack in the future by capturing remote control access, including keystrokes.
Duqu shares "a great deal of code with Stuxnet," said Symantec.
"The creators of Duqu had access to the source code of Stuxnet," Symantec said.
Earlier, the DHS had said that the Stuxnet code is in the wild and that it could be adapted.