Duqu And Stuxnet Have Three Brothers And Their Last Name Is “Tilded”

Based out of Moscow, Kaspersky Labs has been investigating the Stuxnet and Duqu viruses and has found that they are only a small part of a family of similar viruses. There are thought to be 3 other viruses that have yet to be found that work in concert with Stuxnet and Duqu. This was found because both Duqu and Stuxnet search for 3 other registry keys all starting with ~D, also known as “Tilded”. Stuxnet is a worm, and Duqu is a trojan, so the other 3 programs could be any of a variety of types of computer viruses or malware, each with their own advantages and disadvantages. Note that, for ease of use, I'll just use the word virus to talk about malicious software in all its forms.

We know that Duqu is an information-gathering tool that gathers information about SCADA systems, and Stuxnet is used to target certain SCADA systems and cause them to fail, but we don’t yet know the functions of the other 3 viruses. We can only guess at their possible functions, but it’s probably safe to say that they are also used to target SCADA systems. Kaspersky hadn’t been able to find out who designed the malware, but it was able to find out that the programs were compiled on a Windows system. It’s thought that the Pentagon may have something to do with these programs, but it continues to decline comment when asked about the subject.

Having modules that can be changed around and upgraded actually increases the scariness of these already scary viruses. Each module can possibly be used independently or in concert with other ~D viruses to achieve maximum effect. Should a cure for one of these viruses be found, that part can be updated and changed while the 4 other parts keep working, without having to redesign the entire virus. Anti-virus companies have already begun adding code to their software to help defend against Stuxnet and Duqu, but without knowing precisely what the other 3 programs are, it’s going to be difficult to protect against them.

I could guess as to what the 3 programs are for, but there’s no telling how wrong I could possibly be. So, I’d like any reader of this story to make guesses in the comments section. Maybe together we can get a good idea of what might be lurking out there. Here at GUO, you can post comments without having to register for anything.
