[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Stuxnet may have up to 4 malware siblings made on the same platform

To: isn@xxxxxxxxxxxxxxx
Subject: [ISN] Stuxnet may have up to 4 malware siblings made on the same platform
From: InfoSec News <alerts@xxxxxxxxxxxxxxx>
Date: Fri, 30 Dec 2011 03:57:25 -0600 (CST)
List-archive: <http://infosecnews.org/pipermail/isn>
List-help: <mailto:isn-request@infosecnews.org?subject=help>
List-id: InfoSec News <isn.infosecnews.org>
List-post: <mailto:isn@infosecnews.org>
List-subscribe: <http://infosecnews.org/mailman/listinfo/isn>, <mailto:isn-request@infosecnews.org?subject=subscribe>
List-unsubscribe: <http://infosecnews.org/mailman/options/isn>, <mailto:isn-request@infosecnews.org?subject=unsubscribe>
Sender: isn-bounces@xxxxxxxxxxxxxxx
User-agent: Alpine 2.02 (DEB 1266 2009-07-14)

http://venturebeat.com/2011/12/29/stuxnet-siblings/

By Meghan Kelly
VentureBeat
December 29, 2011

Stuxnet has been called the most sophisticated computer worm evercreated. We know there are siblings to the malware which took downIranâs nuclear centrifuges, but now Kaspersky labs is saying there maybe up to four other worms in the family tree.

In 2010, Stuxnet infiltrated Iranâs nuclear program. The highly capablemalware targets an industrial control system called SCADA, whichoperates as a management tool for commercial grade software andhardware. It shut down the equipment responsible for creating fuel fornuclear weapons, which Iranian president Mahmoud Ahmadinejad lateradmitted. In 2011, the Duqu virus was discovered and named as part ofthe Stuxnet family of malware, bringing the count up to two highlysophisticated worms.

According to a report by Reuters, Russian security company KasperskyLabs has identified three others. When originally found, Kaspersky saidStuxnet was so mature it could have been made by an intelligence agency.Later, the United States and Israel were both blamed for its creationand eventual dispersal. Neither country has taken responsibility.

Though we donât know what lab the worms originated from, the same onegave birth to both Stuxnet and Duqu as well as the three siblings.Kaspersky discovered this after observing the two virusâ attempt to findthe other three. Costin Raiu, the firmâs director of global research andanalysis, explained that when the two are deployed, they search forregistry keys that allow them to fully install their malware. Whensearching for those keys, however, Kaspersky found Stuxnet and Duqu wereboth searching for three other keys. This means that the worms havesiblings that work in tandem with it, strengthening its damaging power.


[...]

_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn

Prev by Date: [ISN] Secunia Weekly Summary - Issue: 2011-52
Next by Date: [ISN] China takes new measures to curb online phishing
Previous by thread: [ISN] Secunia Weekly Summary - Issue: 2011-52
Next by thread: [ISN] China takes new measures to curb online phishing
Index(es):
- Date
- Thread