http://venturebeat.com/2011/12/29/stuxnet-siblings/ By Meghan Kelly VentureBeat December 29, 2011 Stuxnet has been called the most sophisticated computer worm ever created. We know there are siblings to the malware which took down Iran’s nuclear centrifuges, but now Kaspersky labs is saying there may be up to four other worms in the family tree. In 2010, Stuxnet infiltrated Iran’s nuclear program. The highly capable malware targets an industrial control system called SCADA, which operates as a management tool for commercial grade software and hardware. It shut down the equipment responsible for creating fuel for nuclear weapons, which Iranian president Mahmoud Ahmadinejad later admitted. In 2011, the Duqu virus was discovered and named as part of the Stuxnet family of malware, bringing the count up to two highly sophisticated worms. According to a report by Reuters, Russian security company Kaspersky Labs has identified three others. When originally found, Kaspersky said Stuxnet was so mature it could have been made by an intelligence agency. Later, the United States and Israel were both blamed for its creation and eventual dispersal. Neither country has taken responsibility. Though we don’t know what lab the worms originated from, the same one gave birth to both Stuxnet and Duqu as well as the three siblings. Kaspersky discovered this after observing the two virus’ attempt to find the other three. Costin Raiu, the firm’s director of global research and analysis, explained that when the two are deployed, they search for registry keys that allow them to fully install their malware. When searching for those keys, however, Kaspersky found Stuxnet and Duqu were both searching for three other keys. This means that the worms have siblings that work in tandem with it, strengthening its damaging power. [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Fri Dec 30 2011 - 01:57:25 PST
This archive was generated by hypermail 2.2.0 : Fri Dec 30 2011 - 01:53:53 PST