New York Times, By JOHN MARKOFF, October 18, 2011
The designers of Stuxnet, the computer worm that was used to vandalize an Iranian nuclear site, may have struck again, security researchers say. Stuxnet, which infected tens of thousands of computers in 155 countries last year, created an international sensation when experts reported that it was designed as an American-Israeli project to sabotage Siemens Corporation computers used in uranium enrichment at the Natanz site. The researchers say the new malicious program, which they call Duqu, is intended to steal digital information that may be needed to mount another Stuxnet-like attack. The researchers, at Symantec, announced the discovery on the company’s Web site on Tuesday, saying they had determined that the new program was written by programmers who must have had access to Stuxnet’s source code, the original programming instructions. “Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party,” the Symantec researchers said. “The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.” They said the Duqu program was found in Europe in a narrowly limited group of organizations, “including those involved in the manufacturing of industrial control systems.” http://www.nytimes.com/2011/10/19/technology/stuxnet-computer-worms-creators-may-be-active-again.html?_r=1&nl=technology&emc=techupdateema3
