On October 14, security company Symantec got word from a research lab that the lab had discovered a piece of malware that looked a lot like Stuxnet, the sophisticated computer virus that made headlines last year after its anonymous designers used it to attack Iran’s nuclear program. This new malware, called Duqu by the researchers who discovered it, shares much of Stuxnet’s code, suggesting that it came from the same people who built the first virus, or at least from people who had access to the source code.
Found in computer systems in Europe, Duqu isn’t intended to destroy a physical object, the way Stuxnet was, but rather is gathering information by recording users’ keystrokes and collecting details from the infected system. While Stuxnet contained instructions for hijacking industrial control systems in order to wreck uranium-purification centrifuges, Duqu is searching for plans and specifications that will let its designers launch an attack on such a system in the future. Launched after Stuxnet was discovered, Duqu doesn’t replicate, and appears to have been directed to a very limited number of European targets, including companies that make industrial control systems. It self-destructs after 36 days, presumably to avoid detection.