Virus Guy
http://abcnews.go.com/Blotter/stuxn...s-warn-similar-cyber-attack/story?id=14763854
A new computer virus using "nearly identical" parts of the cyber
superweapon Stuxnet has been detected on computer systems in Europe and
is believed to be a precursor to a new Stuxnet-like attack, a major
U.S.-based cyber security company said today.

Stuxnet was a highly sophisticated computer worm that was discovered
last year and was thought to have successfully targeted and disrupted
systems at a nuclear enrichment plant in Iran. At the time, U.S.
officials said the worm's unprecedented complexity and potential ability
to physically sabotage industrial control systems -- which run
everything from water plants to the power grid in the U.S. and in many
countries around the world -- marked a new era in cyber warfare.

Though no group claimed responsibility for the Stuxnet worm, several
cyber security experts have said it is likely a nation-state created it
and that the U.S. and Israel were on a short list of possible culprits.
Whoever it was, the same group may be at it again, researchers said, as
the authors of the new virus apparently had access to original Stuxnet
code that was never made public.

The new threat, discovered by a Europe-based research lab and dubbed
"Duqu", is not designed to physically affect industrial systems like
Stuxnet was, but apparently is only used to gather information on
potential targets that could be helpful in a future cyber attack, cyber
security giant Symantec said in a report today.

"Duqu shares a great deal of code with Stuxnet; however, the payload is
completely different," Symantec said in a blog post.

Duqu is designed to record key strokes and gather other system
information at companies in the industrial control system field and then
send that information back to whomever planted the bug, Symantec said.

If successful, the information gleaned from those companies through Duqu
could be used in a future attack on any industrial control system in the
world where the companies' products are used -- from a power plant in
Europe to an oil rig in the Gulf of Mexico.

"Right now it's in the reconnaissance stage, you could say," Symantec
Senior Director for Security Technology and Response, Gerry Egan, told
ABC News. "[But] there's a clear indication an attack is being planned."

Duqu is also not designed to spread on its own, so researchers believe
its targets were the computer systems it had already infiltrated, Egan
said.

The Department of Homeland Security's Industrial Control Systems Cyber
Emergency Response Team issued an alert today to "critical
infrastructure owners and operators" on Duqu, urging them to take steps
to secure their systems.

"The extent of the threat posed by [Duqu] is currently being evaluated,"
the alert says.

Another cyber security company, F-Secure Security Labs, also examined
Duqu and said on its website that parts of its code were so similar to
Stuxnet that its virus-detection system believed it was dealing with the
same virus over again.

A representative for Symantec said they were made aware of the new
threat after the unnamed European research lab forwarded them a sample
of the code along with their analysis comparing it with Stuxnet, which
Symantec then confirmed. McAfee Labs, another cyber security power
player, said they too had been given a sample of the Duqu code for
analysis.

"One thing for sure is the Stuxnet team is still active..." McAfee said
on its website.