Researchers: Stuxnet Virus Origin Dates to 2007

Duqu, Other Malware Believed Created on Same Platform

By Eric Chabrow, December 29, 2011.

The roots of the Stuxnet virus that crippled Iran's nuclear program in 2010, and of the related Duqu worm discovered this fall, date back to 2007, new research suggests.

Researchers from Kaspersky Lab say at least two other pieces of malware may have been developed on the same platform, perhaps by the same individuals.

"Despite the large volume of data obtained - most of which has yet to be published - we still lack the answer to the fundamental question: Who is behind Duqu?" Kaspersky Lab researchers Alexander Gostev and Igor Soumenkov asked in a blog posted Wednesday.

"We believe Duqu and Stuxnet were simultaneous projects supported by the same team of developers," the researchers said.

In terms of architecture, the platform used to create Duqu [dyü-kyü] and Stuxnet is the same, the blog said. The platform is known as Tilded. "Its authors are, for some reason, inclined to use file names which start with '~d,'" Gostev and Soumenkov wrote.

The researchers said they uncovered several other details suggesting that at least one piece of spyware was based on the Tilded platform in 2007 or 2008, and that other programs whose functionality remains unclear were developed on it between 2008 and 2010.

"From the data we have at our disposal, we can say with a fair degree of certainty that the Tilded platform was created around the end of 2007 or early 2008 before undergoing its most significant changes in summer/autumn 2010," the bloggers wrote. "Those changes were sparked by advances in code and the need to avoid detection by antivirus solutions.

"There were a number of projects involving programs based on the Tilded platform throughout the period 2007-2011. Stuxnet and Duqu are two of them - there could have been others, which for now remain unknown. The platform continues to develop, which can only mean one thing: we're likely to see more modifications in the future."

In October, IT security provider Symantec reported that a research lab had discovered, on computers in Europe, a worm very similar to Stuxnet, dubbed Duqu (see New Stuxnet-Like Worm Discovered). The Stuxnet virus is believed to have crippled the centrifuges Iran uses to produce enriched uranium, which could be used in a nuclear weapon. Speculation is that Israel and/or the United States are behind the development of Stuxnet.

Follow Eric Chabrow on Twitter: @GovInfoSecurity
