Symantec has revealed that on 14 October 2011 a research lab alerted it to a new malicious program, which the security company has named W32.Duqu.
The malware appeared to be very similar to Stuxnet, which is a worm that was discovered last year and found to target Siemens supervisory control and data acquisition (SCADA) systems.
Different variants of the worm targeted different Iranian organisations, and the target of the worm is widely suspected to be uranium enrichment programmes.
Industry and analysts alike have said that the emergence of Stuxnet is an indicator of cyber-crime moving from seeking fame and/or fortune to espionage.
Symantec said in a recent blog post that Duqu seems to be based on Stuxnet but has a completely different purpose, in that it gathers intelligence data.
Symantec highlighted the following key points about Duqu:
- Executables using the Stuxnet source code have been discovered. They appear to have been developed since the last Stuxnet file was recovered.
- The executables are designed to capture information such as keystrokes and system information.
- Current analysis shows no code related to industrial control systems, exploits, or self-replication.
- The executables have been found in a limited number of organizations, including those involved in the manufacturing of industrial control systems.
- The exfiltrated data may be used to enable a future Stuxnet-like attack.