Friday, 6 January 2012

Stuxnet Wasn’t the Only Malware of Its Kind


According to the Russian computer security company Kaspersky Lab, the Stuxnet virus, known worldwide for damaging Iran's nuclear program, was most likely one of at least 5 cyber weapons based on the same platform.

Kaspersky experts have tracked the development of the malware back to 2007. As you may remember, Stuxnet has already been linked to another piece of malware called Duqu. However, the research conducted by Kaspersky Lab suggests that the cyber weapons program which has targeted Iran might be much more sophisticated. According to Kaspersky's director of global research, Costin Raiu, the platform used to build both Stuxnet and Duqu was also used to design at least 3 other pieces of malware. This platform was made up of software modules, each with a different function, developed in such a way that they lock together. In other words, developers are able to create new cyber weapons by easily adding and removing modules.

Kaspersky explained that the platform used to create Stuxnet is similar to Lego. They called it "Tilded", because most of the files in both Duqu and Stuxnet had names starting with the tilde symbol "~" and the letter "d". Thus far, Kaspersky Lab hasn’t discovered any new types of malware built on this platform, but it is fairly clear that they do exist somewhere. The components shared by Stuxnet and Duqu search for their relatives in order to link up with them. The search they perform uses at least 3 other unique registry keys, which means that the developers of both Stuxnet and Duqu also created at least 3 other pieces of malware based on the same platform. Kaspersky experts think that the Tilded platform traces back to at least 2007, as a part of its code was compiled at the end of the summer of 2007.

