'New Stuxnet' worm targets companies in Europe

http://www.guardian.co.uk/technology/2011/oct/19/stuxnet-worm-europe-duqu

Experts suspect Duqu worm is from same source that targeted Iran's nuclear facilities - widely said to have been US and Israel

A highly sophisticated computer worm which has many of the same characteristics of the virus used to attack Iran's nuclear programme has been discovered targeting companies in Europe.
Although the virus appears to have been spying on the systems it infiltrates - rather than attempting to vandalise them - experts say its code is so similar to the Stuxnet worm that attacked Iran, that it may have been engineered by the same people.
The US and Israel were widely thought to be behind Stuxnet, which sent many of the centrifigues at Tehran's nuclear facilities spinning out of control. It took this kind of cyberwarfare to a new level.
The new virus was discovered by Symantec, a leading cybersecurity firm, and has been called Duqu.
Symantec would not disclose which firms had been targeted, but the company said one of its customers raised the alarm on Friday. An internal system at the firm "raised a number of red flags" and an investigation was launched.
"The majority of the code is consistent with the Stuxnet code," said a spokesman for Symantec. "So this new worm either came from the authors of Stuxnet, or someone was given access to the Stuxnet source codes."
Symantec said that the information Duqu gathers is sent to a server in India, but that this doesn't give any likely indication of who launched it, or who is accessing the material it finds.
It believes Duqu has been targeting a specific number of organisations in Europe and was designed to automatically remove itself from systems after 36 days.
Symantec suspects that Duqu may have been the first in a wave of new Stuxnet-style viruses, and that further sophisticated versions of it with a more aggressive purpose may emerge in the coming months.
Its experts suspect Duqu was looking for information such as design documents, which could help it mount a future attack on an industrial control facility.
"Stuxnet really laid new territory in terms of being able to get into and being able to control these nuclear power facilities [in Iran]," said the spokesman.
"The significance here is that since Stuxnet we have not seen anything else of that level of complexity. It has gone a little quiet since then. The question we are now asking is: 'Do they have a new goal or purpose?'"
The fear would be that Stuxnet-style viruses become mainstream, he added.
According to the New York Times, Symantec launched its inquiry after being contacted by a "research lab with strong international connections". .
A Symantec's analyst, Vikram Thakur, told the newspaper: "This is extremely sophisticated, this is cutting edge."
Stuxnet showed that cyberwarfare is developing fast, and is increasingly being thought of by states as a means of inflicting maximum damage with minimum risk. Earlier this year the Guardian revealed that the UK is developing its own "first strike" capability, and is investing millions in beefing up security around key services such as energy, and government departments such as the Ministry of Defence.