US security firm warns of new Stuxnet-like virus

24 Oct, 2011

US security firm Symantec has warned of a new computer virus similar to the malicious Stuxnet worm believed to have preyed on Iran's nuclear programme. Symantec said October 19 that the new virus, dubbed "Duqu" because it creates files with the file name prefix "DQ," is similar to Stuxnet but is designed to gather intelligence for future attacks on industrial control systems.
"The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered," Symantec said on its website.
"Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party.
"The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility."
Symantec said the virus had been aimed at "a limited number of organizations for their specific assets," without providing further information. Stuxnet was designed to attack computer control systems made by German industrial giant Siemens and commonly used to manage water supplies, oil rigs, power plants and other critical infrastructure.
Most Stuxnet infections have been discovered in Iran, giving rise to speculation it was intended to sabotage nuclear facilities there. The worm was crafted to recognise the system it was to attack.

Read Comments