Most Read: National

Live Discussions

Switchback: Talking tech

Switchback: Talking tech

Chat transcript

Smartwatches are coming, but will they catch on? The Switch team discussed the future of wearables and other tech news.

Weekly schedule, past shows

Checkpoint Washington
Posted at 08:35 AM ET, 10/19/2011

New Stuxnet-like code is discovered

Cybersecurity researchers have found a piece of malware on computer systems in Europe that bears startling similarities to Stuxnet, the mysterious virus that was used to sabotage Iran’s nuclear program, and it appears to have been designed to secretly gather intelligence.

In a new paper, U.S.-based researchers at Symantec say that the code – dubbed Duqu — was written by whoever unleashed Stuxnet, or perhaps by someone who had access to the computer language underlying it. The new code was written to capture information that can help “mount a future attack on an industrial control facility.”

“Duqu is essentially the precursor to a future Stuxnet-like attack,” the paper said.

Although the codes share similar traits, they differ in significant ways. Stuxnet’s payload was designed specifically to disrupt the machines that controlled the speed of centrifuges in a uranium enrichment plant in Iran. Duqu is designed to capture data such as computer keystrokes (including, say, passwords) and system information.

The discovery of the code by a lab in Europe is a reminder, said Kevin Haley, security response director for Symantec, that “the groups or organizations behind these attacks are not going to stop at one. They are going to do another.”

Other researchers are expressing caution.

“This is all typical computer network espionage, which Stuxnet clearly was not,” said Dmitri Alperovitch, an independent security researcher.

The new code — dubbed Duqu because it creates files with the prefix ~DQ — has been found so far in a handful of European manufacturers of industrial control systems. Security experts are continuing to analyze new variants.

Symantec’s technical paper can be found here.

By  |  08:35 AM ET, 10/19/2011

 
Read what others are saying
     

    © 2011 The Washington Post Company