Kaspersky team reveals Stuxnet family of weapons

Dec 29, 2011 by Nancy Owano weblog

(PhysOrg.com) -- The Stuxnet cyber weapon that was designed to cripple control systems in Iran’s nuclear plant was just one of five weapons engineered in the same lab, and three have not been released yet. That is the word from Moscow based Kaspersky Lab. What’s more, according to Kaspersky’s director of global research, Costin Raiu, these Lego-like weapons work as modules, in that they are designed to fit together with each having different functions. They were developed on a single platform whose roots trace back at least to 2007; the creators have used the same software development environment ever since.

Raiu told Reuters about the findings on Wednesday based on the evidence that his team has gathered. He cited Stuxnet--the Iran-targeted weapon-- and a related Duqu--the data-scoffing Trojan targeting design documents that showed up this year in Europe-- as two of what might be a lethal assembly—three of the weapons have yet to be released.

Besides Kaspersky, other anti-virus leaders such as Symantec and Trend Micro incorporated technology into their products to protect systems against Stuxnet and Duqu; Raiu says that these viruses may be more sophisticated than previously known.

Kaspersky named the platform "Tilded" because many of the files in Duqu and have names beginning with the tilde symbol "~" and the letter "d." What Kaspersky recently discovered is that shared components search for at least three other unique registry keys, It is possible that at least three other pieces of malware have been built that use the same platform. It would be relatively easy for the developers of those highly sophisticated viruses to create other weapons.

Developers can build new cyber weapons by simply adding and removing modules, he told Reuters, "It's like a Lego set. You can assemble the components into anything: a robot or a house or a tank.”

The Kaspersky team cited 2007 because installed code by Duqu was compiled from a device running Windows on August 31, 2007. Kaspersky sources did not name a country responsible for the cyber weapons. When contacted by the press about Kaspersky’s findings, the Pentagon declined comment.

Kaspersky Lab is a vendor of security software. In 1999, Kaspersky Labs, says the company, was the first to introduce integrated antivirus software for workstations, file servers and application servers running on Linux/FreeBSD operating systems.

Explore further: Facebook goes retro with 'Rooms' chat app

More information:
via Reuters

Related Stories

Iran says Duqu malware under 'control'

Nov 13, 2011

Iran said on Sunday it had found a way to "control" the computer malware Duqu, which is similar to Stuxnet virus which in 2010 attacked its nuclear programme and infected more than 30,000 computers.

Symantec warns of new Stuxnet-like virus

Oct 19, 2011

US security firm Symantec has warned of a new computer virus similar to the malicious Stuxnet worm believed to have preyed on Iran's nuclear program.

Stuxnet-like virus points to new round of cyber war

Oct 20, 2011

Internet security specialists have warned of a new round of cyber warfare in the form of a computer virus similar to the malicious Stuxnet worm believed to have targeted Iran's nuclear program. ...

Recommended for you

Facebook goes retro with 'Rooms' chat app

12 hours ago

Facebook on Thursday released an application that lets people create virtual "rooms" to chat about whatever they wish using any name they would like.

Some online shoppers pay more than others, study shows

13 hours ago

Internet users regularly receive all kinds of personalized content, from Google search results to product recommendations on Amazon. This is thanks to the complex algorithms that produce results based on users' profiles and ...

Twitter looks to weave into more mobile apps

Oct 22, 2014

Twitter on Wednesday set out to weave itself into mobile applications with a free "Fabric" platform to help developers build better programs and make more money.

Google unveils app for managing Gmail inboxes

Oct 22, 2014

Google is introducing an application designed to make it easier for its Gmail users to find and manage important information that can often become buried in their inboxes.

User comments : 6

Adjust slider to filter visible comments by rank

Display comments: newest first

Telekinetic
4.6 / 5 (5) Dec 29, 2011
Israel's high-tech capability was most likely responsible for Iran's centrifuge enrichment program going haywire. It was pretty amazing how it fooled those monitoring the centrifuges into believing everything was running smoothly as the machines were spinning themselves to bits at too high a speed.
pres68y
1.6 / 5 (8) Dec 30, 2011
"Stuxnet" type software certainly also worked good at Fukushima!
(teach those Japs not to offer uranium enrichment to Iran)
Burnerjack
4.8 / 5 (4) Dec 30, 2011
@ pres68y,
A software virus that can generate a tsunami? Now THAT is impressive!
GSwift7
3.7 / 5 (3) Dec 30, 2011
I once got a tour of a water treatment plant in Louisville KY. They showed me the control room. It was a room the size of a large living room with the walls completely covered with old fashioned analogue guages and light boards. In the center of the room was a table with a single PC that replaced all the old guages. The room had no staff. My guide explained that the computer sends a text alert to staff if it detects a problem, otherwise it runs itself for the most part. Kinda cool. The old guages were all still active, but not monitored. In an emergency they could still fall back on the legacy systems, but it would be nearly impossible to run the facility at peak performance with the old equipment, so it would be crippled at the very least, if the computer system were to go down. Attacks like Stuxnet must terify people who manage critical infrastructure. There's no way to install safeguards and contingency plans against every possible threat, rather have plans to allow rapid repairs.
nkalanaga
5 / 5 (4) Dec 30, 2011
There is a very simple safeguard against digital attacks: don't attach the system to the Internet or phone lines! If there's no way to send data or instructions to it from the outside world, the only way to attack it is with a physical presence. At that point a bomb or axe would do just as well.

Sending texts can still be secure, if they are sent through a one-way connection, so the system doesn't listen for incoming responses. If there is any way of contacting the system from the outside world it is not secure.
GSwift7
1 / 5 (1) Jan 03, 2012
Well, in the case of the Water facility, it is connected to a vast network of monitoring sensors and electronic valves and pumps throughout the city. It routs water to the places it is needed and monitors water quality as well. It can detect a leak by noticing an unexpected loss of flow, for example. It would be impossible to isolate the control system from the outside. Electric grids, telephone, television, etc. are all vulnerable in this way. Off-site backup and storage is another area of vulnerability for most infrastructure today. Any system that handles financial transactions, for example, must have a continuous off-site backup facility, and that must allow two-way communication. There's an underground facility just outside of Kansas City Mo, in old limestone mines, that is used for this purpose. They have military style armed guards with assault rifles at the gate. Much of Holywood's original films are stored there as well. Cool huh?