AGL 40.00 Decreased By ▼ -0.16 (-0.4%)
AIRLINK 129.53 Decreased By ▼ -2.20 (-1.67%)
BOP 6.68 Decreased By ▼ -0.01 (-0.15%)
CNERGY 4.63 Increased By ▲ 0.16 (3.58%)
DCL 8.94 Increased By ▲ 0.12 (1.36%)
DFML 41.69 Increased By ▲ 1.08 (2.66%)
DGKC 83.77 Decreased By ▼ -0.31 (-0.37%)
FCCL 32.77 Increased By ▲ 0.43 (1.33%)
FFBL 75.47 Increased By ▲ 6.86 (10%)
FFL 11.47 Increased By ▲ 0.12 (1.06%)
HUBC 110.55 Decreased By ▼ -1.21 (-1.08%)
HUMNL 14.56 Increased By ▲ 0.25 (1.75%)
KEL 5.39 Increased By ▲ 0.17 (3.26%)
KOSM 8.40 Decreased By ▼ -0.58 (-6.46%)
MLCF 39.79 Increased By ▲ 0.36 (0.91%)
NBP 60.29 No Change ▼ 0.00 (0%)
OGDC 199.66 Increased By ▲ 4.72 (2.42%)
PAEL 26.65 Decreased By ▼ -0.04 (-0.15%)
PIBTL 7.66 Increased By ▲ 0.18 (2.41%)
PPL 157.92 Increased By ▲ 2.15 (1.38%)
PRL 26.73 Increased By ▲ 0.05 (0.19%)
PTC 18.46 Increased By ▲ 0.16 (0.87%)
SEARL 82.44 Decreased By ▼ -0.58 (-0.7%)
TELE 8.31 Increased By ▲ 0.08 (0.97%)
TOMCL 34.51 Decreased By ▼ -0.04 (-0.12%)
TPLP 9.06 Increased By ▲ 0.25 (2.84%)
TREET 17.47 Increased By ▲ 0.77 (4.61%)
TRG 61.32 Decreased By ▼ -1.13 (-1.81%)
UNITY 27.43 Decreased By ▼ -0.01 (-0.04%)
WTL 1.38 Increased By ▲ 0.10 (7.81%)
BR100 10,407 Increased By 220 (2.16%)
BR30 31,713 Increased By 377.1 (1.2%)
KSE100 97,328 Increased By 1781.9 (1.86%)
KSE30 30,192 Increased By 614.4 (2.08%)

dugu-virusSAN FRANCISCO: Internet security specialists have warned of a new round of cyber warfare in the form of a computer virus similar to the malicious Stuxnet worm believed to have targeted Iran's nuclear program.

Analysts at US firms McAfee and Symantec agreed that a sophisticated virus dubbed "Duqu" has been unleashed on an apparent mission to gather intelligence for future attacks on industrial control systems.

"This seems to be the reconnaissance phase of something much larger," McAfee senior research analyst Adam Wosotowsky told AFP about the virus, named for the "DQ" prefix on files it creates.

McAfee and Symantec said that, based on snippets of the virus they were given to study, portions of the encrypted Duqu code matched identically scrambled portions of Stuxnet.

"The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered," Symantec said on its website.

"Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party.

"The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility."

Symantec said the virus had been aimed at "a limited number of organizations for their specific assets," without providing further information.

McAfee was working to trace a timeline of Duqu's spread and the areas it has reached.

"It seems to be primarily centred on the Middle East, then India, Africa and Eastern Europe," Wosotowsky said. "I haven't seen any reports in North or South America."

Duqu was crafted to steal information by logging computer key strokes or mining machines for valuable data such as passwords or credentials that could be used to slip into networks undetected, according to McAfee.

Duqu is able to pass information to its creators through "command and control" computers that could then be used to issue new orders, such as seizing control of factory machinery.

"Our guess is that it is going after infiltrating certificate authorities to then use those to sign programs and install itself much more cleanly on more protected, locked-down networks," Wosotowsky said.

Symantec said it was alerted to the threat on October 14 by a "research lab with strong international connections."

McAfee, like Symantec, declined to identify the research facility that tipped it off.

Wosotowsky saw Duqu as evidence that nation states are taking their conflicts into the cyber world.

"Normal people shouldn't be highly concerned with getting an infection in their personal, independent systems," Wosotowsky said.

"But they should be concerned that we are going to see the militarization of cyber space going forward... This is a new face of international conflict."

Stuxnet was designed to attack computer control systems made by German industrial giant Siemens and commonly used to manage water supplies, oil rigs, power plants and other critical infrastructure.

Most Stuxnet infections have been discovered in Iran, giving rise to speculation it was intended to sabotage nuclear facilities there. The worm was crafted to recognize the system it was to attack.

The New York Times reported in January that US and Israeli intelligence services collaborated to develop the computer worm to sabotage Iran's efforts to make a nuclear bomb.

Tehran has always denied it is seeking nuclear weapons.

Copyright AFP (Agence France-Presse), 2011

Comments

Comments are closed.