About Me

My photo
I Am Hamza Subedar in 14th And Doing Software Engineer And Like To Solve Computer and Of Any Gadgets Problem I Like To Tell People That I Can Help To Solve Your Problem Anyways Bolg Me And Get your Problem Solve


Thursday, October 27, 2011

Worm Spies On Industrial Systems

According to the reports, an offshoot of the Stuxnet worm has been noticed recently, used by some lab to start more sophisticated attacks like the one observed at an Iranian nuclear facility in 2010.


Security outfit Symantec revealed that the new version is quite similar to Stuxnet, while parts of the threat, called Duqu, were almost identical. That’s why the experts believe that Duqu is used by someone behind Stuxnet, or by those having access to its code. Nevertheless, the purpose of Duqu is completely different, because it was designed as a precursor to a full Stuxnet attack.

It was found that Duqu is actually used to collect intelligence information from manufacturers of industrial control systems. All data grabbed from the 3rd parties could be later used to attack the actual targets, the same as stealing blueprints for an attack. Symantec claimed that design documents should be the basis for a further attack on an industrial control facility, and they have a reason to believe that the intruders have a specific list of targets.

In fact, Duqu is a remote access Trojan that deletes itself in a month, installing keyloggers and looking for data able to aid future attacks. Even if intruders fail to nab any data, the details are unavailable in all cases. Meanwhile, it turned out that a set of driver files was signed with real digital certificates that belong to a real company located in Taiwan. Of course, the certificates were immediately revoked, and experts tend to believe that they were obtained via theft rather than fraudulent ways.

Symantec admitted that it was rather difficult to predict the level of risk, because the company has just started building a profile of the intruders. However, taking into consideration the history of Stuxnet attacks, one can draw a conclusion that this was a well-organized group successfully performing coordinated attacks. At the moment the company is trying to see how the malware got onto computers and with what intentions, so it’s too early to say how worried the industry should be.

As for the targeted companies, Symantec only said that they were a variety of outfits, mostly manufacturers of industrial control systems that were based in Europe at the very least. Meanwhile, the experts believe that a similar method was also used to collect information before the initial Stuxnet attacks.

No comments:

Post a Comment