Kaspersky: Stuxnet and Duqu built by same team

Duqu and Stuxnet, two of the most sophisticated computer viruses ever discovered, were developed by the same team, according to an analysis carried out by Kaspersky Labs.

The company also found hints that the team used the same software development environment to build the advanced viruses — and others — between 2007 and 2011, Kaspersky announced on Thursday.

"New information on the infections with the Duqu and Stuxnet Trojans confirms that one team is behind this family of malicious programs, and also permits the assumption that a single platform was used, which is flexibly adaptable to specific targets," Kaspersky wrote. "This platform may have been developed long before the Stuxnet epidemic and used more actively than has been thought up to now."

The Stuxnet virus emerged in 2010 and targeted industrial control systems made by Siemens. The virus seemed to disrupt Iran's nuclear weapon program by damaging centrifuges at the Natanz nuclear plant.

Duqu was discovered in 2011. It used code identical to the Stuxnet worm, but targeted computers rather than control systems to gather information, such as design documents.

The security community has been divided on the relationship between the two viruses. McAfee told ZDNet UK in October that Duqu was probably developed by a separate team who studied the Stuxnet code and adapted it.

Tilded

With its analysis, Kaspersky has found a platform it has named 'Tilded' that was used to construct both viruses.

Kaspersky found seven drivers that appear to be tied to the platform, though it has not detected three of the seven drivers in any strain of malware.

"The drivers from the still unknown malicious programs cannot be attributed to activity of the Stuxnet and Duqu Trojans. The methods of dissemination of Stuxnet would have brought about a large number of infections with these drivers; and they can't be attributed either to the more targeted Duqu Trojan due to the compilation date," Alexander Gostev, Kaspersky's chief security expert, said. "We consider that these drivers were used either in an earlier version of Duqu, or for infection with completely different malicious programs, which moreover have the same platform and, it is likely, a single creator-team."

Jack Clark

About Jack Clark

Currently a reporter for ZDNet UK, I previously worked as a technology researcher and reporter for a London-based news agency.
