Home » Duqu: Is It the Next Stuxnet?
Duqu: Is It the Next Stuxnet?
The Stuxnet virus has received a great deal of attention over the past few years because it brought into reality what had previously been considered on a hypothetical basis: a sophisticated cyber attack on a critical infrastructure. Though we have debated the level of hype surrounding the Stuxnet virus, considering that it specifically targeted Iran's nuclear program, industry experts have warned that this particular malware was just the beginning, and industrial networks need to be prepared for similar attacks. Now another piece of malware has been found operating in systems in Europe.
Symantec (www.symantec.com), receiving the news from a research lab in mid-October, confirmed that the new threat—called Duqu because it creates files with the file name prefix "~DQ"—is a precursor to another Stuxnet-like attack. Duqu appears to have been created since the last Stuxnet file was recovered, according to Symantec, and its structure and design philosophy are very similar to Stuxnet. Parts of Duqu's source code are nearly identical to Stuxnet. Whether that means Duqu was created by the same group that created Stuxnet or by somebody who gained access to the Stuxnet code is unknown, but regardless the new virus appears to have a different purpose.
"Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party," Eric Chien wrote in Symantec's official blog. "The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility."
Unlike Stuxnet, Duqu does not contain any code related to industrial control systems, according to Symantec, which reported that Duqu is primarily a remote access Trojan (RAT) and does not self-replicate. "Our telemetry shows the threat was highly targeted toward a limited number of organizations for their specific assets," Chien wrote. "However, it's possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants."
Duqu executables were designed to capture information such as keystrokes and system information, Symantec said. The attackers were searching for assets that could be used in a future attack. Although it would appear that they did not retrieve any sensitive data, details are not available in all cases. Two variants were recovered. The first recording of one of the binaries was Sept. 1, 2011. "However, based on file compile times, attacks using these variants may have been conducted as early as December 2010," Chien explained.
Duqu has been less widespread than Stuxnet, and was designed to eliminate itself after 36 days of running in a system. The threat uses a custom command-and-control protocol, Symantec said, primarily downloading or uploading what appear to be jpeg files. It then also transfers additional data for exfiltration.
Although Stuxnet was designed to sabotage an industrial control system, Duqu is geared toward general remote access capabilities. "The attackers intend to use this capability to gather intelligence from a private entity to aid future attacks on a third party," Chien wrote. "While suspected, no similar precursor files have been recovered that predate the Stuxnet attacks."
Symantec said it was alerted to the Stuxnet-like sample by "a research lab with strong international connections." Although the organization provided a detailed report, it has remained anonymous. "As we are in academia, we have limited resources to analyze malware behavior," the original researchers commented in their report. "That means we leave several questions for further investigation."
Production Process Enhances MES With SQL Database
ERP System Integrated With Production Improve Manufacturing Processes
Honeywell Green Boot Camp Addresses Sustainability Challenges
Five Day Interactive Workshop Focuses on Best Practices for Teaching Energy, Sustainability and Environmental Concepts
Distech Controls Welcomes Shareholder Samsung Ventures
Financing Will Be Used to Accelerate Company Growth and Development Roadmap Worldwide
Winners of AmeriStar 2013 Package Awards Competition
IoPP Announces Top Competitors in Package Innovation, Sustainability, Protection, Economics, Performance and Marketing
Igus Wins Two Awards at iF Product Design Competition
Triflex R TRLF Cable Carrier Designed for Three-Axis Movement for Robotic Applications
Engineering Graduates Make Top 10 Highest Starting Salaries List
NACE Reports Engineers Took Seven of the Top 10 Spots in April Survey
Major Tool & Machine Purchases Large-Part Machining Systems From MAG
New U5 Machine Will Initially Replace Production Capacity During the Rebuild of Massive DSI Gantry Mill/Turn Machine
ODVA Forms SIG for Machinery Information
Developing Standards for the Exchange of Information Between Machines, and Between Machines and Supervisory Systems
Digital Manufacturing Market Poised for Global Growth
Frost & Sullivan Analysis Finds Market Earned Revenues of $704 Million in 2012 and Is Estimated to Reach $928 Million in 2016
Strong Growth Forecast for Direct Drives
IMS Research/IHS Report Shows Global Market Is Predicted to Be Worth Nearly $300 Million in 2016
- All news »
Access the entire print issue on-line and be notified each month via e-mail when your new issue is ready for you. Subscribe today.
- Featured White Papers