Mysterious spy program spreads in world’s computer networks
USA and Israel suspected of involvement in developing Duqu malware - structure similar to Stuxnet worm
Undetectable. Flawless. "Son of Stuxnet".
These terms have been used to describe the data security field’s current number one talking-point, a new piece of spyware spreading in the world’s computer networks that was discovered last week.
The malware has been nicknamed “Duqu” because of the frequent use of the .DQ file extension in its programming code.
What is certain is that Duqu is not the creation of pimply-faced teenage computer nerds with attitude.
Instead, the spyware is a close relative of the most advanced malware to date, the infamous Stuxnet, which caused the destruction of centrifuges at an Iranian uranium enrichment facility in 2010.
“It is an externally controllable collection of programming code that can be made to do just about anything. This is virtual spying at its most complex”, says expert Erkki Mustonen from the Finnish computer security company F-Secure.
Many data security specialists say that Duqu and Stuxnet originate from the same source, for they share a lot of the same programming code.
Stuxnet is widely suspected of having been produced by the United States and Israel, who wanted to delay Iran’s nuclear programme.
The difference between Stuxnet and Duqu is that while Stuxnet’s purpose was to destroy, Duqu simply collects information.
It is possible that Stuxnet made use of information collected by using Duqu when it caused devastation at the Iranian nuclear facility.
Where Duqu was located has not been made public. According to Mustonen, the location was a European research organisation or something similar.
According to a fresh report by the data security company Symantec, Duqu is being used to prepare for a new attack similar to the one carried out using Stuxnet.
The purpose of Duqu looks to be to collect information regarding systems run by industrial automation companies. The information would then be used against the parties that buy these systems.
Duqu’s precise spreading mechanism and the number of affected computers are so far unknown.
The exact extent of the spread of the spyware may remain an eternal mystery, as the programme runs on its target machine only for 36 days, after which it destroys itself.
Before that, Duqu sends the collected data to a server in India.
“This is a very clever trick. The designers of the software have calculated the window of opportunity within which Duqu can perform the tasks it is meant for. After that it removes itself from the system”, Mustonen says.
“Afterwards it will be difficult to identify if there ever was anything on the computer. The traces are gone.”
Previously in HS International Edition:
Warfare for a new age (19.10.2010)
Defence Ministry wants cyber weaponry in addition to defence against attack on data networks (12.10.2011)
MSNBC: "Son of Stuxnet" virus could be used to attack critical computers worldwide
Stuxnet - Duqu variant (Wikipedia)