US firm finds new 'Stuxnet-related' worm

Researchers at Symantec say they possess part of the worm which causes it to load on a computer after it restarts.

March 27, 2012 02:06
1 minute read.
Stuxnet Virus

Stuxnet 311. (photo credit: Courtesy)


Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analyses from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief


Researchers at the US computer security firm Symantec say they have obtained a new version of an Internet worm that has been linked to the Stuxnet virus.

Stuxnet is the name of a computer virus that was detected in 2010, which reportedly caused significant damage to Iran’s uranium enrichment program.

Be the first to know - Join our Facebook page.

It targeted Siemens supervisory control and data acquisition (SCADA) systems, used by Iran to enrich uranium through spinning centrifuges. Foreign media reports speculated that Israel or the US, or both, were behind the attack.

Five months ago, Symantec detected a computer worm, Duqu, which sends back information on systems that would help attackers prepare a future strike.

Duqu “must either have been created by the same group that authored Stuxnet, or by a group that somehow managed to obtain Stuxnet’s source code,” Symantec said following the discovery.

Now, Symantec said, part of a new version of Duqu has been found.

Researchers at the firm said they came to possess a part of the worm which causes it to load on a computer after it restarts.


“The compile date on the Duqu component is February 23, 2012, so this new version has not been in the wild for very long,” a post on Symantec’s blog said. “We can see the authors have changed just enough enough of the threat to evade some security product detection.”

Last year, Symantec concluded that the mysterious authors behind Stuxnet, described as the most sophisticated cyber weapon on the planet, appear to be planning another strike, and have updated their advanced spy program designed to search out weaknesses.

The Duqu worm was believed to have infected systems in countries from Vietnam to France, including Iran.

In recent days, another cyber security company, Kaspersky Lab, reported that Duqu had been written in “pure C,” an old programming language “long since discarded by most programmers in favor of newer versions,” ABC News reported.

Quoting Kaspersky researchers, ABC said that the old language was used “to make sure that the worm could infect just about everything it touched.”

Join Jerusalem Post Premium Plus now for just $5 and upgrade your experience with an ads-free website and exclusive content. Click here>>

Related Content

Holland Park’s forest, north of Eilat.
August 11, 2014
Promising trend of prosecution for environmental crimes, officials say