December 29, 2011
Stuxnet Virus Has More Relatives Not Yet Deployed
According to new research from Russian computer security firm Kaspersky Lab, the Stuxnet virus released on Iran's nuclear program was one of five cyber weapons developed in the same lab.
Stuxnet has already been linked to the Duqu data-stealing trojan virus, which could be used in cyber attacks on industrial control systems.
The Kaspersky researchers gathered evidence that shows the same platform that was used to build Stuxnet and Duqu was also used to create at least three other pieces of malware.
The team named the platform "Tilded" because the files in Duqu and Stuxnet have names beginning with the tilde symbol "~".
Kaspersky has not found any new types of malware built on the Tilded platform, but its researchers are certain such malware exists because shared components of Stuxnet and Duqu appear to be searching for their relatives.
A machine infected with either Duqu or Stuxnet searches the PC for two unique registry keys linked to both viruses, which are then used to load the main piece of malware onto the computer.
The team discovered new shared components that search for at least three other unique registry keys, which suggests that there are more pieces of malware built on the same platform.
Stuxnet was designed to cripple control systems in the nuclear plant, and Iran described the trojan as being "lethal."
In theory, utilities such as water and gas plants are at risk from these viruses. Governments are scrambling to shield vulnerable utility plants before someone deploys the next virus.