Security firm warns of new Stuxnet-like virus
WASHINGTON — US security firm Symantec has warned of a new computer virus similar to the malicious Stuxnet worm believed to have preyed on Iran’s nuclear program.
Symantec said Tuesday that the new virus, dubbed “Duqu” because it creates files with the file name prefix “DQ,” is similar to Stuxnet but is designed to gather intelligence for future attacks on industrial control systems.
“The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered,” Symantec said on its website.
“Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party.
“The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.”
Symantec said the virus had been aimed at “a limited number of organizations for their specific assets,” without providing further information.
The company said it had been alerted to the threat on October 14 by a “research lab with strong international connections.”
Stuxnet was designed to attack computer control systems made by German industrial giant Siemens and commonly used to manage water supplies, oil rigs, power plants and other critical infrastructure.
Most Stuxnet infections have been discovered in Iran, giving rise to speculation it was intended to sabotage nuclear facilities there. The worm was crafted to recognize the system it was to attack.
The New York Times reported in January that US and Israeli intelligence services collaborated to develop the computer worm to sabotage Iran’s efforts to make a nuclear bomb.
Tehran has always denied it is seeking nuclear weapons.