Kaspersky team reveals Stuxnet family of weapons

December 29, 2011 by Nancy Owano weblog

(PhysOrg.com) -- The Stuxnet cyber weapon that was designed to cripple control systems in Iran’s nuclear plant was just one of five weapons engineered in the same lab, and three have not been released yet. That is the word from Moscow based Kaspersky Lab. What’s more, according to Kaspersky’s director of global research, Costin Raiu, these Lego-like weapons work as modules, in that they are designed to fit together with each having different functions. They were developed on a single platform whose roots trace back at least to 2007; the creators have used the same software development environment ever since.

Raiu told Reuters about the findings on Wednesday based on the evidence that his team has gathered. He cited Stuxnet--the Iran-targeted weapon-- and a related Duqu--the data-scoffing Trojan targeting design documents that showed up this year in Europe-- as two of what might be a lethal assembly—three of the weapons have yet to be released.

Besides Kaspersky, other anti-virus leaders such as Symantec and Trend Micro incorporated technology into their products to protect systems against Stuxnet and Duqu; Raiu says that these viruses may be more sophisticated than previously known.

Kaspersky named the platform "Tilded" because many of the files in Duqu and have names beginning with the tilde symbol "~" and the letter "d." What Kaspersky recently discovered is that shared components search for at least three other unique registry keys, It is possible that at least three other pieces of malware have been built that use the same platform. It would be relatively easy for the developers of those highly sophisticated viruses to create other weapons.

Developers can build new cyber weapons by simply adding and removing modules, he told Reuters, "It's like a Lego set. You can assemble the components into anything: a robot or a house or a tank.”

The Kaspersky team cited 2007 because installed code by Duqu was compiled from a device running Windows on August 31, 2007. Kaspersky sources did not name a country responsible for the cyber weapons. When contacted by the press about Kaspersky’s findings, the Pentagon declined comment.

Kaspersky Lab is a vendor of security software. In 1999, Kaspersky Labs, says the company, was the first to introduce integrated antivirus software for workstations, file servers and application servers running on Linux/FreeBSD operating systems.

Explore further: Iran says Duqu malware under 'control'

More information:
via Reuters

Related Stories

Iran says Duqu malware under 'control'

November 13, 2011

Iran said on Sunday it had found a way to "control" the computer malware Duqu, which is similar to Stuxnet virus which in 2010 attacked its nuclear programme and infected more than 30,000 computers.

Symantec warns of new Stuxnet-like virus

October 19, 2011

US security firm Symantec has warned of a new computer virus similar to the malicious Stuxnet worm believed to have preyed on Iran's nuclear program.

Stuxnet-like virus points to new round of cyber war

October 20, 2011

Internet security specialists have warned of a new round of cyber warfare in the form of a computer virus similar to the malicious Stuxnet worm believed to have targeted Iran's nuclear program.

Recommended for you

Enhancing solar power with diatoms

October 20, 2017

Diatoms, a kind of algae that reproduces prodigiously, have been called "the jewels of the sea" for their ability to manipulate light. Now, researchers hope to harness that property to boost solar technology.


Adjust slider to filter visible comments by rank

Display comments: newest first

4 / 5 (6) Dec 29, 2011
Israel's high-tech capability was most likely responsible for Iran's centrifuge enrichment program going haywire. It was pretty amazing how it fooled those monitoring the centrifuges into believing everything was running smoothly as the machines were spinning themselves to bits at too high a speed.
1.6 / 5 (8) Dec 30, 2011
"Stuxnet" type software certainly also worked good at Fukushima!
(teach those Japs not to offer uranium enrichment to Iran)
4.8 / 5 (4) Dec 30, 2011
@ pres68y,
A software virus that can generate a tsunami? Now THAT is impressive!
3.7 / 5 (3) Dec 30, 2011
I once got a tour of a water treatment plant in Louisville KY. They showed me the control room. It was a room the size of a large living room with the walls completely covered with old fashioned analogue guages and light boards. In the center of the room was a table with a single PC that replaced all the old guages. The room had no staff. My guide explained that the computer sends a text alert to staff if it detects a problem, otherwise it runs itself for the most part. Kinda cool. The old guages were all still active, but not monitored. In an emergency they could still fall back on the legacy systems, but it would be nearly impossible to run the facility at peak performance with the old equipment, so it would be crippled at the very least, if the computer system were to go down. Attacks like Stuxnet must terify people who manage critical infrastructure. There's no way to install safeguards and contingency plans against every possible threat, rather have plans to allow rapid repairs.
5 / 5 (4) Dec 30, 2011
There is a very simple safeguard against digital attacks: don't attach the system to the Internet or phone lines! If there's no way to send data or instructions to it from the outside world, the only way to attack it is with a physical presence. At that point a bomb or axe would do just as well.

Sending texts can still be secure, if they are sent through a one-way connection, so the system doesn't listen for incoming responses. If there is any way of contacting the system from the outside world it is not secure.
1 / 5 (1) Jan 03, 2012
Well, in the case of the Water facility, it is connected to a vast network of monitoring sensors and electronic valves and pumps throughout the city. It routs water to the places it is needed and monitors water quality as well. It can detect a leak by noticing an unexpected loss of flow, for example. It would be impossible to isolate the control system from the outside. Electric grids, telephone, television, etc. are all vulnerable in this way. Off-site backup and storage is another area of vulnerability for most infrastructure today. Any system that handles financial transactions, for example, must have a continuous off-site backup facility, and that must allow two-way communication. There's an underground facility just outside of Kansas City Mo, in old limestone mines, that is used for this purpose. They have military style armed guards with assault rifles at the gate. Much of Holywood's original films are stored there as well. Cool huh?

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.