'Stuxnet weapon has at least 4 cousins'

Kaspersky security firm says virus that damaged Iran's nuke program 1 of at least 5 developed on a single platform.

By REUTERS
December 29, 2011 15:29
2 minute read.
Stuxnet Virus

Stuxnet 311. (photo credit: Courtesy)

 
X

Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analyses from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief

UPGRADE YOUR JPOST EXPERIENCE FOR 5$ PER MONTH Show me later

Security experts widely believe that the United States and Israel were behind Stuxnet, though the two nations have officially declined to comment on the matter.

A Pentagon spokesman on Wednesday declined comment on Kaspersky's research, which did not address who was behind Stuxnet.

Be the first to know - Join our Facebook page.


RELATED:
Iran admits to Stuxnet-like virus infection
Ahmadinejad admits centrifuges damaged by virus

Stuxnet has already been linked to another virus, the Duqu data-stealing trojan, but Kaspersky's research suggests that the cyber weapons program that targeted Iran may be far more sophisticated than previously known.

Kaspersky's director of global research & analysis, Costin Raiu, told Reuters on Wednesday that his team has gathered evidence that shows the same platform that was used to build Stuxnet and Duqu was also used to create at least three other pieces of malware.

Raiu said the platform is comprised of a group of compatible software modules designed to fit together, each with different functions. Its developers can build new cyber weapons by simply adding and removing modules.

"It's like a Lego set. You can assemble the components into anything: a robot or a house or a tank," he said.

JPOST VIDEOS THAT MIGHT INTEREST YOU:


Kaspersky named the platform "Tilded" because many of the files in Duqu and Stuxnet have names beginning with the tilde symbol "~" and the letter "d."

Researchers with Kaspersky have not found any new types of malware built on the Tilded platform, Raiu said, but they are fairly certain that they exist because shared components of Stuxnet and Duqu appear to be searching for their kin.

When a machine becomes infected with Duqu or Stuxnet, the shared components on the platform search for two unique registry keys on the PC linked to Duqu and Stuxnet that are then used to load the main piece of malware onto the computer, he said.

Kaspersky recently discovered new shared components that search for at least three other unique registry keys, which suggests that the developers of Stuxnet and Duqu also built at least three other pieces of malware using the same platform, he added.

Those modules handle tasks including delivering the malware to a PC, installing it, communicating with its operators, stealing data and replicating itself.

Makers of anti-virus software including Kaspersky, U.S. firm Symantec Corp and Japan's Trend Micro Inc have already incorporated technology into their products to protect computers from becoming infected with Stuxnet and Duqu.

Click here for full Jpost coverage of the 































Iranian threat

Yet it would be relatively easy for the developers of those highly sophisticated viruses to create other weapons that can evade detection by those anti-virus programs through the modules in the Tilded platform, he said.

Kaspersky believes that Tilded traces back to at least 2007 because specific code installed by Duqu was compiled from a device running a Windows operating system on August 31, 2007.

Join Jerusalem Post Premium Plus now for just $5 and upgrade your experience with an ads-free website and exclusive content. Click here>>

Related Content

Bushehr nuclear Iranian
August 5, 2014
Iran and the bomb: The future of negotiations

By YONAH JEREMY BOB