Approximately one year ago a virus was found targeting high value infrastructure in Iran. These targets included their nuclear programme, water plants and industrial units – sending many of the centrifuges at Tehran’s nuclear facilities spinning out of control. This virus was given the name ‘Stuxnet’ and the US and Israel were accused of being behind it.
A new virus has now been uncovered by leading cyber security firm, Symantec , which has many of the same characteristics as Stuxnet. This new, highly sophisticated computer worm, named Duqu, was discovered on Friday targeting companies in Europe.
It does not seem that Duqu is attempting to vandalise systems, rather spy on them. However the code is so similar to Stuxnet that it is highly likely it was engineered by the same people. A spokesman for Symantec said: “The majority of the code is consistent with the Stuxnet code, so this new worm either came from the authors of Stuxnet or someone was given access to the Stuxnet source codes”.
The firms being targeted have not been disclosed but the information Duqu gathered was sent to a server in India.
Indications are that this is just the first of a wave of Stuxnet-type viruses – with more sophisticated versions, with the aim of disruption rather than just data gathering, emerging in the next few months.
“Stuxnet really laid new territory in terms of being able to get into and being able to control these nuclear power facilities,” said the spokesman.
“The significance here is that since Stuxnet we have not seen anything else of that level of complexity. It has gone a little quiet since then. The question we are now asking is: ‘Do they have a new goal or purpose?'”
Earlier this month the story broke that the control systems for US air force drones had been infected by a virus. As viruses become more and more sophisticated we are likely to see many more reports of high value computer systems being hit.