Stuxnet clone menaces European SCADA systems

New malware based on the Stuxnet virus that attacked the SCADA systems of Iran’s Bushehr nuclear plant has been detected in Europe by Symantec.

Dubbed ‘Duqu’, the malware appears to be targeted at a few organisations, including European firms that make the software that controls power stations and other industrial facilities.

Duqu’s code suggests it was created by or with assistance from the authors of the ground-breaking Stuxnet worm, which targeted Siemens systems to delay the commissioning of Iran’s first nuclear plant, said Symantec.

The new malware appears to be the precursor to a more sophisticated attack, said Greg Day, Security CTO at Symantec EMEA.

“It has been specifically targeted at systems with the goal of getting in, compromising them, and then exfiltrating information,” he said.

Information from targeted firms is smuggled out as image files, and the malware removes itself after 36 days so that the security breach can avoid detection.

Duqu is designed to spread by exploiting vulnerabilities in an organisation’s systems or by prompting employees to open infected attachments or visit websites that infect their machines.

Symantec has already discovered two variants of Duqu. The company dates its earliest record of Duqu back to 1 September but warns that the malware could have been active since December 2010.
