Information Security News mailing list archives

Stuxnet may have up to 4 malware siblings made on the same platform


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 30 Dec 2011 03:57:25 -0600 (CST)

http://venturebeat.com/2011/12/29/stuxnet-siblings/

By Meghan Kelly
VentureBeat
December 29, 2011

Stuxnet has been called the most sophisticated computer worm ever created. We know there are siblings to the malware which took down Iran’s nuclear centrifuges, but now Kaspersky Labs is saying there may be up to four other worms in the family tree.

In 2010, Stuxnet infiltrated Iran’s nuclear program. The highly capable malware targets an industrial control system called SCADA, which operates as a management tool for commercial-grade software and hardware. It shut down the equipment responsible for creating fuel for nuclear weapons, which Iranian president Mahmoud Ahmadinejad later admitted. In 2011, the Duqu virus was discovered and named as part of the Stuxnet family of malware, bringing the count up to two highly sophisticated worms.

According to a report by Reuters, Russian security company Kaspersky Labs has identified three others. When originally found, Kaspersky said Stuxnet was so mature it could have been made by an intelligence agency. Later, the United States and Israel were both blamed for its creation and eventual dispersal. Neither country has taken responsibility.

Though we don’t know what lab the worms originated from, the same one gave birth to both Stuxnet and Duqu as well as the three siblings. Kaspersky discovered this after observing the two viruses attempt to find the other three. Costin Raiu, the firm’s director of global research and analysis, explained that when the two are deployed, they search for registry keys that allow them to fully install their malware. When searching for those keys, however, Kaspersky found Stuxnet and Duqu were both searching for three other keys. This means that the worms have siblings that work in tandem with them, strengthening their damaging power.

[...]
