[ISN] Stuxnet may have up to 4 malware siblings made on the same platform

From: InfoSec News <alerts_at_private>
Date: Fri, 30 Dec 2011 03:57:25 -0600 (CST)
http://venturebeat.com/2011/12/29/stuxnet-siblings/

By Meghan Kelly
VentureBeat
December 29, 2011

Stuxnet has been called the most sophisticated computer worm ever 
created. We know there are siblings to the malware that took down 
Iran’s nuclear centrifuges, but now Kaspersky Labs is saying there may 
be up to four other worms in the family tree.

In 2010, Stuxnet infiltrated Iran’s nuclear program. The highly capable 
malware targets an industrial control system called SCADA, which 
operates as a management tool for commercial-grade software and 
hardware. It shut down the equipment responsible for creating fuel for 
nuclear weapons, which Iranian president Mahmoud Ahmadinejad later 
admitted. In 2011, the Duqu virus was discovered and named as part of 
the Stuxnet family of malware, bringing the count up to two highly 
sophisticated worms.

According to a report by Reuters, Russian security company Kaspersky 
Labs has identified three others. When originally found, Kaspersky said 
Stuxnet was so mature it could have been made by an intelligence agency. 
Later, the United States and Israel were both blamed for its creation 
and eventual dispersal. Neither country has taken responsibility.

Though we don’t know what lab the worms originated from, the same one 
gave birth to both Stuxnet and Duqu as well as the three siblings. 
Kaspersky discovered this after observing the two viruses attempt to find 
the other three. Costin Raiu, the firm’s director of global research and 
analysis, explained that when the two are deployed, they search for 
registry keys that allow them to fully install their malware. When 
searching for those keys, however, Kaspersky found Stuxnet and Duqu were 
both searching for three other keys. This means that the worms have 
siblings that work in tandem with them, strengthening their damaging power.

[...]


Received on Fri Dec 30 2011 - 01:57:25 PST
