US firm finds new 'Stuxnet-related' worm

Researchers at Symantec say they possess the part of the worm that causes it to load on a computer after a restart.

Stuxnet 311 (photo credit: Courtesy)
Researchers at the US computer security firm Symantec say they have obtained a new version of an Internet worm that has been linked to the Stuxnet virus.
Stuxnet is the name of a computer virus that was detected in 2010, which reportedly caused significant damage to Iran’s uranium enrichment program.
It targeted Siemens supervisory control and data acquisition (SCADA) systems, used by Iran to enrich uranium through spinning centrifuges. Foreign media reports speculated that Israel or the US, or both, were behind the attack.
Five months ago, Symantec detected a computer worm, Duqu, which sends back information on systems that would help attackers prepare a future strike.
Duqu “must either have been created by the same group that authored Stuxnet, or by a group that somehow managed to obtain Stuxnet’s source code,” Symantec said following the discovery.
Now, Symantec said, part of a new version of Duqu has been found.
Researchers at the firm said they had obtained the part of the worm that causes it to load on a computer after the machine restarts.
“The compile date on the Duqu component is February 23, 2012, so this new version has not been in the wild for very long,” a post on Symantec’s blog said. “We can see the authors have changed just enough of the threat to evade some security product detection.”
Last year, Symantec concluded that the mysterious authors behind Stuxnet, described as the most sophisticated cyber weapon on the planet, appear to be planning another strike, and have updated their advanced spy program designed to search out weaknesses.
The Duqu worm was believed to have infected systems in countries from Vietnam to France, including Iran.
In recent days, another cyber security company, Kaspersky Lab, reported that Duqu had been written in “pure C,” an old programming language “long since discarded by most programmers in favor of newer versions,” ABC News reported.
Quoting Kaspersky researchers, ABC said that the old language was used “to make sure that the worm could infect just about everything it touched.”