Slashdot Mirror

← Back to Stories (view on slashdot.org)

Experts 'Convinced' Duqu Work of Stuxnet Authors

Posted by samzenpus on from the two-for-one dept.

Trailrunner7 writes "Researchers are fairly confident now that whoever wrote the Duqu malware was also involved in developing the Stuxnet worm. They're also confident that they have not yet identified all of the individual components of Duqu, meaning that there are potentially some other capabilities that haven't been documented yet. There was a lot of speculation when Duqu first emerged about whether the attack was the work of the same group--still unknown--that had created Stuxnet and unleashed it on Iran's nuclear facilities last year. Some of that was centered on supposed similarities in the code between the two pieces of malware, but that was before many of the individual components of Duqu had been identified and analyzed. Now that the analysis and research into the Duqu malware have advanced a bit, researchers say they've found more evidence that points to the malware being the work of the Stuxnet authors or their close associates. 'I'm convinced it's the same group,' Costin Raiu, director of global research and analysis at Kaspersky Lab, who has done much of the analysis of Duqu, said."

12 of 85 comments (clear)

  1. My powers have doubled by Spy+Handler · · Score: 5, Funny

    since the last time we met, Duqu!

  2. What is this telling us? by plover · · Score: 4, Insightful

    So Duqu is estimated to have infected about 50 machines. It's a piece of scouting software that collects and maps information, but doesn't attack. It doesn't even phone home yet. It's obviously not news because of its impact to the broad population of computers on the Internet.

    So what exactly is this story telling us? Panic now, because the Stuxnet authors are still on the loose and writing malware? Don't panic at all, because Duqu is obviously targeting an Enemy of the State (like Iran) and not generic PCs? Buy Symantec or Kaspersky antivirus software because their detection has gotten better since Stuxnet?

    --
    John
    1. Re:What is this telling us? by Telvin_3d · · Score: 4, Interesting

      Stuxnet is the first widely reported example of a digital attack on the infrastructure of one nation by (what is believed to be) another nation or nations. This is a big deal. This is one that is likely to be in course syllabuses 50 years from now. If not in the CS department then probably in the PoliSci department. Anything connected to Stuxnet is inherently interesting and potentially newsworthy.

      Any actual technical capabilities that Duqu may or may not have is the least interesting part of this story.

  3. Re:/tinfoil hat by masternerdguy · · Score: 4, Funny

    The CIA is backed up by a covert organization called the NID which wants to regulate the Stargate in Area 51. It's true.

    --
    To offset political mods, replace Flamebait with Insightful.
  4. Re:Should the researchers keep quiet? by Eunuchswear · · Score: 5, Interesting

    If Stuxnet is designed to prevent the total destruction of Israel

    That's a big "if" you're waving around there partner.

    Stuxnet could be a weapon designed for use against Iran, possibly by Israel, but "designed to prevent the total destruction of Israel", that's pretty hyperbolic.

    People who mess with the military often find themselves six feet under (unless they're cremated first).

    Who's military are you talking about here?

    --
    Watch this Heartland Institute video
  5. The group isn't unknown at all. by Anonymous Coward · · Score: 5, Interesting

    The greatest myth of Stuxnet is that the perpetrators who created it are still a mystery. A retiring Israeli general admitted on _video_ and bragged about the fact that Stuxnet was developed as a joint U.S.-Israeli project to attack Iran's nuclear facilities.

    http://www.net-security.org/secworld.php?id=10596

  6. Re:Should the researchers keep quiet? by Baloroth · · Score: 5, Informative

    This is probably the intelligence community at work here. If competent (and from the signs of how well created Stuxnet and Duqu are, they are), people who out these things have nothing to fear. It would almost be an open admission of guilt to "make them disappear." Not to mention the risk of being caught. These worms have worked by subtlety and subterfuge, they won't stop doing that now. And that means not killing people. Really, the idea that intelligence agencies work through murder is mostly (definitely not entirely, but mostly) a Hollywood/ New York Times Bestseller invention. In reality, assassination is way to risky to happen often or be used lightly.

    Now, if they were leaking something like a NOC list or exact design documents for thermonuclear warheads, that might be a different story. Stuxnet, however, already did its damage. Duqu probably did too.

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
  7. its cause we dont have amazing researchers by Tyrannosaur · · Score: 4, Informative

    Ralph Langner was the genius behind our knowing about what Stuxnet did. But his team of researchers aren't studying Duqu much because "please note that we don’t research Duqu as it appears to be unrelated to control systems." We don't have that genius picking apart Duqu as we do Stuxnet. But Duqu is not the next stuxnet. It's not nearly as cool. Stuxnet was a very unique virus for several reasons. Duqu is more like just a standard virus. I don't understand why Stuxnet was underplaid and Duqu is so overplayed. If you want the cool information on Stuxnet http://www.langner.com/en/2011/11/09/two-years-later/ is Langner's latest post.

  8. Re:Should the researchers keep quiet? by Anonymous Coward · · Score: 5, Insightful

    No.

    Malware researchers should investigate malware, regardless of its pedigree. The malware doesn't discriminate as to the computer. Duqu and Stuxnet will infect a Windows system regardless its location and use. That was part of the idea behind Stuxnet: wide initial deployment so that it would eventually find its way into the Iranian centrifuge system. The authors don't seem to care if they infect non-affiliated systems along the way.

    There is also no reason why the exploits being used in Duqu and Stuxnet, presumably by western governments, can't be rebranded by our more run of the mill botnet farmers and spammers.

  9. Re:Should the researchers keep quiet? by Anonymous Coward · · Score: 5, Interesting

    More likely, stuxnet was designed as an alternative to an unpopular military action. Arab neighbors of Iran are eager for Israel to "handle" the issue so they can reap the benefits of an emasculated Iran without getting their own hands dirty. The situation for Israel is more complex; military action will galvanize anti-Israeli sentiments in the ME, and Iran is not their most immediate problem. BUT, neither can Iran be safely ignored. Stuxnet performed its job in buying extra time before Iran could finalize its nuclear program, but that extra time is running out.

  10. Re:Should the researchers keep quiet? by Jeng · · Score: 4, Informative

    Really, the idea that intelligence agencies work through murder is mostly (definitely not entirely, but mostly) a Hollywood/ New York Times Bestseller invention. In reality, assassination is way to risky to happen often or be used lightly.

    Remember, we are talking about Israel here, they have no reservations about assassinations.

    http://en.wikipedia.org/wiki/List_of_Israeli_assassinations

    --
    Don't know something? Look it up. Still don't know? Then ask.
  11. Re:Should the researchers keep quiet? by Eunuchswear · · Score: 5, Informative

    Iran is not an arab country.

    --
    Watch this Heartland Institute video