First there was the Stuxnet computer virus that wreaked havoc on Iran’s nuclear program. Now comes “Duqu,” which researchers on Tuesday said appears to be quite similar.
Security software firm Symantec said in a report it was alerted by a research lab with international connections on Friday to a malicious code that “appeared to be very similar to Stuxnet.” It was named Duqu because it creates files with “DQ” in the prefix.
The US Department of Homeland Security said it was aware of the reports and was taking action.
“Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose,” Symantec said. “Duqu is essentially the precursor to a future Stuxnet-like attack.”
The new Duqu computer virus is designed to gather data from industrial control system manufacturers to make it easier to launch an attack in the future by capturing information including keystrokes.
“Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT),” Symantec said. “The threat does not self-replicate.”
Duqu shares “a great deal of code with Stuxnet” but instead of being designed to sabotage an industrial control system, the new virus is designed to gain remote access capabilities.
A brief statement from the Laboratory of Cryptography and System Security (CrySyS) in Hungary confirmed its participation:
Our lab, the Laboratory of Cryptography and System Security (CrySyS) participated in the discovery of Duqu malware within an international collaboration. While gathering deeper knowledge about its functionality, we have confirmed Duqu is a threat nearly identical to Stuxnet. After the thorough analysis of samples we prepared a detailed report about Duqu, named by us. We immediately provided competent organizations with the initial report in order to jointly step up in a professionally prepared way. Our research lab will provide the professional community and the public with all relevant details in the future as well. But we can not reveal further information about the ongoing case. Instead of speculating we encourage all professional organizations to enhance the joint process of finding a solution, since strong international collaboration will remain to play a key role.
The lab did not offer any additional details.