Kaspersky claims Stuxnet and Duqu authors the same

Family of malware built on the 'Tilded' platform, which was first developed some four years ago

December 30, 2011
malware

Security firm Kaspersky claims to have found solid evidence that the team who authored Stuxnet also produced Duqu.

Previously this was thought to be the case, although experts weren’t certain whether Stuxnet had been reversed engineered in some manner by different authors to produce Duqu.

Following a detailed analysis, Kaspersky reckons that the authors were the same and used a single platform to develop both threats – a platform developed perhaps long before Stuxnet and used to produce previous pieces of malware.

The platform has been christened “Tilded” due to the fact that many of the created files start with a tilde symbol (~) and Kaspersky estimates that it was first developed around the end of 2007 or beginning of 2008.

This platform is likely to be developed further, too, Kaspersky notes, particularly given that now it has been uncovered alterations are certain to be made.

Overall, Kaspersky found seven types of drivers from the family with similar characteristics, and for three of them there’s no knowledge of which malicious program they were used in conjunction with.

Alexander Gostev, Chief Security Expert at Kaspersky, commented: “The drivers from the still unknown malicious programs cannot be attributed to activity of the Stuxnet and Duqu Trojans. The methods of dissemination of Stuxnet would have brought about a large number of infections with these drivers; and they can’t be attributed either to the more targeted Duqu Trojan due to the compilation date.”

“We consider that these drivers were used either in an earlier version of Duqu, or for infection with completely different malicious programs, which moreover have the same platform and, it is likely, a single creator-team”.

Further attacks using malware built on the adaptable platform seem a likely prospect, then.






 

Post a comment

Your email address will not be published. Required fields are marked *

Visited 3310 times, 4 so far today