New Virus "Duqu" May be First Step in New Stuxnet-Like Cyber False Flag


 

Optimus

  • Globalist Destroyer
  • Administrator
  • Mega InfoWarrior
  • *****
  • 1989
    Posts
  • CO2 is plant food!
    • This Forum
Son of Stuxnet? Researchers Warn of Impending Cyber Attack

Researchers claim a new virus, dubbed "Duqu", could be the first step in a new Stuxnet-like cyber attack.

By LEE FERRAN
Oct. 18, 2011

A new computer virus using "nearly identical" parts of the cyber superweapon Stuxnet has been detected on computer systems in Europe and is believed to be a precursor to a new Stuxnet-like attack, a major U.S.-based cyber security company said today.

Stuxnet was a highly sophisticated computer worm that was discovered last year and was thought to have successfully targeted and disrupted systems at a nuclear enrichment plant in Iran. At the time, U.S. officials said the worm's unprecedented complexity and potential ability to physically sabotage industrial control systems -- which run everything from water plants to the power grid in the U.S. and in many countries around the world -- marked a new era in cyber warfare.

Though no group claimed responsibility for the Stuxnet worm, several cyber security experts have said it is likely a nation-state created it and that the U.S. and Israel were on a short list of possible culprits.


Whoever it was, the same group may be at it again, researchers said, as the authors of the new virus apparently had access to original Stuxnet code that was never made public.

More: http://abcnews.go.com/Blotter/stuxnet-returns-duqu-researchers-warn-similar-cyber-attack/story?id=14763854
"The Constitution is not an instrument for the government to restrain the people,
it's an instrument for the people to restrain the government."
- Patrick Henry
 

 

Optimus

New virus threatens Iran's nuclear program

After the Stuxnet computer virus that wreaked havoc on Iran's nuclear program, a new virus named 'Duqu' threatens similar consequences

Reuters
Published: 10.21.11, 12:34 / Israel News

First there was the Stuxnet computer virus that wreaked havoc on Iran's nuclear program. Now comes "Duqu," which researchers on Tuesday said appears to be quite similar.

Security software firm Symantec said in a report it was alerted by a research lab with international connections on Friday to a malicious code that "appeared to be very similar to Stuxnet." It was named Duqu because it creates files with "DQ" in the prefix.

 

 
The US Department of Homeland Security said it was aware of the reports and was taking action.

"DHS' Industrial Control Systems Cyber Emergency Response Team has issued a public alert and will continue working with the cyber security research community to gather and analyze data and disseminate further information to our critical infrastructure partners as it becomes available," a DHS official said.

Symantec said samples recovered from computer systems in Europe and a detailed report from the unnamed research lab confirmed the new threat was similar to Stuxnet.

"Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose," Symantec said. "Duqu is essentially the precursor to a future Stuxnet-like attack."

Produced by Israel or US

Stuxnet is malicious software that targets widely used industrial control systems built by German firm Siemens. It is believed to have crippled centrifuges Iran uses to enrich uranium for what the United States and some European nations have charged is a covert nuclear weapons program.

Cyber experts say its sophistication indicates that Stuxnet was produced possibly by the United States or Israel.

More: http://www.ynetnews.com/articles/0,7340,L-4137286,00.html
 

 

Optimus

Quote from: ignescent       http://forum.prisonplanet.com/index.php?topic=219956.msg1305856#msg1305856
Stuxnet Clone 'Duqu' Possibly Preparing Power Plant Attacks

Published October 18, 2011

Security researchers have detected a new Trojan, scarily similar to the infamous Stuxnet worm, which could disrupt computers controlling power plants, oil refineries and other critical infrastructure networks.

The Trojan, dubbed "Duqu" by the security firm Symantec, appears, based on its code, to have been written by the same authors as the Stuxnet worm, which last July was used to cripple an Iranian nuclear-fuel processing plant.

"Stuxnet source code is not out there," wrote F-Secure cybersecurity expert Mikko Hyppönen on his firm's blog. "Only the original authors have it. So, this new backdoor was created by the same party that created Stuxnet."

The original Stuxnet was specifically designed to compromise an industrial control system by manipulating the supervisory control and data acquisition (SCADA) software on which these facilities rely for automation. Duqu may have its sights set on the same target, but it approaches from a different angle.

"Duqu shares a great deal of code with Stuxnet; however, the payload is completely different," researchers for the security firm Symantec wrote on its Security Response blog.

Instead of directly targeting the SCADA system, Duqu gathers "intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility."

"Duqu is essentially the precursor to a future Stuxnet-like attack," the researchers added.

Symantec said whoever is behind Duqu rigged the Trojan to install another information-stealing program on targeted computers that could record users' keystrokes and system information and transmit them, and other harvested data, to a command-and-control (C&C) server. The C&C server is still operational, Symantec said.

McAfee, another prominent security firm, has a different analysis of Duqu. Two of its researchers wrote on McAfee's blog that Duqu is actually highly sophisticated spyware designed to steal digital certificates, which are encrypted "keys" that websites use to verify their identities. (Stolen certificates, apparently purloined by a lone Iranian hacker, have become a big issue recently.)

Neither Symantec, McAfee nor F-Secure would speculate about who's behind Duqu, but the conventional wisdom on Stuxnet is that it was created by the intelligence services of the U.S. and Israel to knock out a uranium-refinement plant in Iran.

This new entry into the Stuxnet family comes just after the Department of Homeland Security (DHS) issued a bulletin warning that the notorious hacking group Anonymous may soon start looking to bring down or disrupt industrial control facilities. Posted yesterday (Oct. 18) to publicintelligence.net, the unclassified bulletin assesses Anonymous' ability to compromise SCADA systems that run power plants, chemical plants, oil refineries and other industrial facilities.

Government officials did not blame Anonymous for any such hacks, and the bulletin says that based on available information, Anonymous has "a limited ability to conduct attacks" on industrial control systems.



http://www.foxnews.com/scitech/2011/10/18/stuxnet-clone-found-possibly-preparing-power-plant-attacks/
 

 
