Symantec says it is looking under the bonnet of a new threat that shares a great deal of code in common with the infamous Stuxnet malware.
Stuxnet was believed to have been penned by spooks in Israel and the US to wipe out the Iranian nuclear industry.
However Symantec claims that the authors of this new threat, dubbed Duqu, had access to the Stuxnet source code, not just Stuxnet binaries.
Thus, it is possible Duqu was created by the same attackers that created Stuxnet. Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.
A Symantec spokesman said that Duqu is the precursor to a future Stuxnet-like attack.
More details can be found on Symantec's blog here.
Uses the original source code
Nick Farell
E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view itLatest from Nick Farell