HomeBlogsamandaF's blog

Duqu computer malware infects European industrial computers

Mon, 12/05/2011 - 06:31 — amandaF

In June 2010, a computer worm called Stuxnet was discovered in Iranian nuclear-control computer systems. This week, a similar computer virus, dubbed Duqu, has been found in European commercial control computer systems. Resource for this article: Duqu virus uses Stuxnet DNA to mine industrial data

Computer virus discovered

Computer security organization Symantec announced on its website Tues that it has discovered a computer malware dubbed Duqu. The computer malware reportedly contains "very similar" programming to the Stuxnet malware. Symantec researchers thing someone with the Stuxnet source code creased Duqu. It seems like it is the only explanation. The malware isn't the same, but it is very similar.

How Duqu works

The goal of Duqu is not to attack the computer. It is meant only to collect information. Once Duqu has contaminated a computer, it provides a stolen security certificate, contacts a server in India, downloads additional code, and then mines the computer for information, sending it back to the server via encrypted JPG files. The virus leaves the computer after 36 days as it looks like normal web traffic. Variations of Duqu exist also. There have been three discovered in businesses in the European industrial control. The malware does more than just leave though. It actually downloads software for harmful effects later if necessary.

Dealing with additional cyberwarfare each year

Stuxnet was discovered making people very nervous. It is considered the “first shot in a new cyber warfare. It seems like Duqu is the second attack. The virtual war is raging on. Duqu has not been found in too several places. It has only been found in a few computer systems for the European electronics and control manufacturing systems that are there. These targets are valued very high. They are also simple to exploit.

Could not have been found by Symantec

Symantec does not say that it discovered Duqu, even though it did make the announcement about the malware. Instead, Symantec was alerted of the existence of Duqu by a "research lab with strong international connections" that wishes to remain anonymous.

Citations

Tehran Times: http: // www. tehrantimes. com/world /3736-west-gets-taste-of-their-own-medicine-as-new-stuxnet-targets-europe/

Wall Street Journal: http: // blogs. wsj. com/tech-europe /2011/10/19/son-of-stuxnet-virus-uncovered/?mod=google_news_blog

New York Times: http: // www. nytimes. com/2011/10/19/ technology/stuxnet-computer-worms-creators-may-be-active-again.html