Duqu: Son of Stuxnet Hits European Computer Networks

October 21st, 2011

Update: ‘Duqu’ Virus Likely Handiwork Of Sophisticated Government, Kaspersky Lab Says

Via: Deutsche Welle:

Wüest is one of the experts at Symantec who are currently analyzing the source code behind Duqu. Symantec says it was alerted to the new threat on October 14 by a laboratory that has “international connections.”

Since then, Symantec’s investigations suggest that a “few hundred systems have been infected at a handful of companies,” many of which are in Europe.

Another IT security firm, McAfee, is also working on the virus. McAfee and Symantec both believe that Duqu shares strong similarities with the Stuxnet virus.

Some of its source code matches that of Stuxnet, and because the Stuxnet code is not known to be available online, they say it is likely that Duqu was created by the same people or that they sold the code to another group. While it remains unclear where Stuxnet came from, the New York Times reported in January 2011 that Stuxnet was developed by the American and Israeli governments.

But there are significant differences as well between Duqu and Stuxnet.

“Duqu is not spreading like Stuxnet,” said Wüest. “Duqu was carefully placed and can be controlled remotely.”

Experts believe that Duqu has been used to target only a limited number of organizations for their specific assets.

“Its warhead is not aimed at the technology industry, it’s being used to steal information, so it’s more like industrial espionage,” Wüest added.
