[ISN] Stuxnet may have up to 4 malware siblings made on the same platform
By Meghan Kelly
December 29, 2011
Stuxnet has been called the most sophisticated computer worm ever
created. We know there are siblings to the malware which took down
Iran's nuclear centrifuges, but now Kaspersky Labs is saying there may
be up to four other worms in the family tree.
In 2010, Stuxnet infiltrated Iran's nuclear program. The highly capable
malware targets an industrial control system called SCADA, which
operates as a management tool for commercial grade software and
hardware. It shut down the equipment responsible for creating fuel for
nuclear weapons, which Iranian president Mahmoud Ahmadinejad later
admitted. In 2011, the Duqu virus was discovered and named as part of
the Stuxnet family of malware, bringing the count up to two highly
According to a report by Reuters, Russian security company Kaspersky
Labs has identified three others. When originally found, Kaspersky said
Stuxnet was so mature it could have been made by an intelligence agency.
Later, the United States and Israel were both blamed for its creation
and eventual dispersal. Neither country has taken responsibility.
Though we don't know what lab the worms originated from, the same one
gave birth to both Stuxnet and Duqu as well as the three siblings.
Kaspersky discovered this after observing the two viruses attempt to find
the other three. Costin Raiu, the firm's director of global research and
analysis, explained that when the two are deployed, they search for
registry keys that allow them to fully install their malware. When
searching for those keys, however, Kaspersky found Stuxnet and Duqu were
both searching for three other keys. This means that the worms have
siblings that work in tandem with them, strengthening their damaging power.