Memories, more like nightmares, of Stuxnet may have flooded back to cybersecurity experts recently when what is now being referred to as the Duqu malware was discovered by independent European researchers.
Some initially thought it was going to be summer 2010 all over again, as Duqu was originally believed to be a Stuxnet variant after it was discovered on September 1. While that may not be the case, it has been determined that the two data security threats are definitely linked. According to researchers, it appears as though the same author responsible for Stuxnet also released Duqu into the wild.
“Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered,” said one company that had access to the code behind Duqu.
Sergey Golovanov, an expert with a different data security company, said there is little doubt the two threats are linked.
“Right now we are pretty sure that is the next generation of Stuxnet,” Golovanov told Forbes.
At the time it was discovered during the summer months of 2010, Stuxnet was dubbed the most sophisticated piece of malware that had ever been created. Experts surmised that its main objective was to target and disable nuclear power systems within Iran, given that the infected computers controlled nuclear centrifuges for the contentious Middle Eastern nation.
So far, experts are either unsure or disagree as to how dangerous Duqu could be compared to its older relative.
According to a recent CIO Magazine report, the two data management companies that were granted access to the coding behind Duqu have differing opinions on both its threat level and general purpose.
One company said it believes that the new malware is stealing information that could be used in the development of another Stuxnet-like worm, only better and more powerful. It may accomplish such a feat through the theft and exploitation of stolen security certificates, which may also remind experts of the case of the Comodohacker.
In that incident, stolen certificates allowed the cybercriminal to spy on the email accounts of about 300,000 private Iranian citizens.
The difference with Duqu is the possibility that it could be rooting out government and trade secrets from infected systems. Golovanov, the data security expert who spoke with Forbes, acknowledged that his firm is working with several organizations that have been infected by Duqu.
He said that the malware has not been eradicated and continues to search for information on the infected networks. Golovanov added that, like Stuxnet, Duqu appears to be the work of an independent government.
“We are pretty sure that Duqu is a government cyber tool and are 70 percent sure it is coming from the same source as Stuxnet,” he told Forbes. “The victims’ computer systems were infected several days ago. Whatever it is, it is still in those systems, and still scanning for information. But what exactly it is scanning for, we don’t know.”
Of course, the full sophistication and extent of the Duqu malware may not be known for some time. There is little doubt that security professionals will continue to break it down, analyze it and try to determine its purpose and how computer systems can be protected from its attack.
It wasn’t until about a year later that the researchers leading the study of Stuxnet came out with their findings and who they believed was behind the threat. In an interview with National Public Radio last month, German security expert Ralph Langner said he ultimately believed that the United States was behind Stuxnet.
Data Security News from SimplySecurity.com by Trend Micro