Slashdot Mirror

← Back to Stories (view on slashdot.org)

Experts 'Convinced' Duqu Work of Stuxnet Authors

Posted by samzenpus on from the two-for-one dept.

Trailrunner7 writes "Researchers are fairly confident now that whoever wrote the Duqu malware was also involved in developing the Stuxnet worm. They're also confident that they have not yet identified all of the individual components of Duqu, meaning that there are potentially some other capabilities that haven't been documented yet. There was a lot of speculation when Duqu first emerged about whether the attack was the work of the same group--still unknown--that had created Stuxnet and unleashed it on Iran's nuclear facilities last year. Some of that was centered on supposed similarities in the code between the two pieces of malware, but that was before many of the individual components of Duqu had been identified and analyzed. Now that the analysis and research into the Duqu malware have advanced a bit, researchers say they've found more evidence that points to the malware being the work of the Stuxnet authors or their close associates. 'I'm convinced it's the same group,' Costin Raiu, director of global research and analysis at Kaspersky Lab, who has done much of the analysis of Duqu, said."

7 of 85 comments (clear)

  1. My powers have doubled by Spy+Handler · · Score: 5, Funny

    since the last time we met, Duqu!

  2. Re:Should the researchers keep quiet? by Eunuchswear · · Score: 5, Interesting

    If Stuxnet is designed to prevent the total destruction of Israel

    That's a big "if" you're waving around there partner.

    Stuxnet could be a weapon designed for use against Iran, possibly by Israel, but "designed to prevent the total destruction of Israel", that's pretty hyperbolic.

    People who mess with the military often find themselves six feet under (unless they're cremated first).

    Who's military are you talking about here?

    --
    Watch this Heartland Institute video
  3. The group isn't unknown at all. by Anonymous Coward · · Score: 5, Interesting

    The greatest myth of Stuxnet is that the perpetrators who created it are still a mystery. A retiring Israeli general admitted on _video_ and bragged about the fact that Stuxnet was developed as a joint U.S.-Israeli project to attack Iran's nuclear facilities.

    http://www.net-security.org/secworld.php?id=10596

  4. Re:Should the researchers keep quiet? by Baloroth · · Score: 5, Informative

    This is probably the intelligence community at work here. If competent (and from the signs of how well created Stuxnet and Duqu are, they are), people who out these things have nothing to fear. It would almost be an open admission of guilt to "make them disappear." Not to mention the risk of being caught. These worms have worked by subtlety and subterfuge, they won't stop doing that now. And that means not killing people. Really, the idea that intelligence agencies work through murder is mostly (definitely not entirely, but mostly) a Hollywood/ New York Times Bestseller invention. In reality, assassination is way to risky to happen often or be used lightly.

    Now, if they were leaking something like a NOC list or exact design documents for thermonuclear warheads, that might be a different story. Stuxnet, however, already did its damage. Duqu probably did too.

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
  5. Re:Should the researchers keep quiet? by Anonymous Coward · · Score: 5, Insightful

    No.

    Malware researchers should investigate malware, regardless of its pedigree. The malware doesn't discriminate as to the computer. Duqu and Stuxnet will infect a Windows system regardless its location and use. That was part of the idea behind Stuxnet: wide initial deployment so that it would eventually find its way into the Iranian centrifuge system. The authors don't seem to care if they infect non-affiliated systems along the way.

    There is also no reason why the exploits being used in Duqu and Stuxnet, presumably by western governments, can't be rebranded by our more run of the mill botnet farmers and spammers.

  6. Re:Should the researchers keep quiet? by Anonymous Coward · · Score: 5, Interesting

    More likely, stuxnet was designed as an alternative to an unpopular military action. Arab neighbors of Iran are eager for Israel to "handle" the issue so they can reap the benefits of an emasculated Iran without getting their own hands dirty. The situation for Israel is more complex; military action will galvanize anti-Israeli sentiments in the ME, and Iran is not their most immediate problem. BUT, neither can Iran be safely ignored. Stuxnet performed its job in buying extra time before Iran could finalize its nuclear program, but that extra time is running out.

  7. Re:Should the researchers keep quiet? by Eunuchswear · · Score: 5, Informative

    Iran is not an arab country.

    --
    Watch this Heartland Institute video