Symantec announced that a new, malicious virus, called Duqu, has been discovered, and it may have ties to the Stuxnet virus.
Symantec made the discovery alongside an unnamed research lab. The company states that it appears whoever wrote Duqu had access to the source code of the Stuxnet virus. Whereas Stuxnet was designed to infiltrate and destroy industrial software, Duqu is an intelligence-gatherer. Researchers say that Duqu may be looking for intelligence to launch an even larger, more successful attack.
“Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT),” the company said. “The threat does not self-replicate. Our telemetry shows the threat was highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.”
The report goes on to say that the Duqu virus was digitally signed using a stolen key from a legitimate, Taiwan-based company, allowing relatively easy infection of the virus’ targets when combined with exploitation of a number of system vulnerabilities. Symantec owns the VeriSign authentication service that controlled the stolen certificate, so Symantec was able to revoke its security privileges (via Tech News World).
“It’s an intelligence operation,” Michael Sconzo, a senior security officer at RSA, told Fox News. “We still aren’t sure of all the things it looks for yet but it is a likely precursor to an attack. It is a Trojan horse.”
Source: Symantec