Iran Times

Duqu may be son of Stuxnet

whose sole purpose in life was to up-end the centrifuges at Iran’s centrifuge center in Natanz.

Symantec, the firm that has done the most work exposing Stuxnet, reported on Duqu’s discovery. It said Duqu is not intended to be destructive like Stuxnet but rather to steal computer structural information that would help worm designers create a successor to Stuxnet. Symantec said, “Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.”

Duqu has been found in only a handful of computers so far.  The program is designed to monitor its host for 36 days and then dissolve itself and cease to exist.

The Symantec researchers identified many similarities between Duqu and Stuxnet and said Duqu could not have been written without having access to the original Stuxnet programmer’s instructions.

But Stuxnet was written only to operate when it found an industrial control facility with components that only Natanz had.  It did nothing in the thousands of other computers it entered.  Symantec said Duqu was designed to spy on many sites around the world, not just the one in Natanz.
