New Virus Duqu is out, say antivirus firms

A new virus has been identified by antivirus firms, including Symantec and McAfee. The new virus named Duqu is said to be similar to Stuxnet.

Stuxnet was discovered in 2010, by leading security software firms, such as Symantec Corporation in the United States and Kaspersky Labs in Russia. The virus targeted the nuclear power plants of Iran. Though no one came forward to take the responsibility for Stuxnet, IT security firms are 100 per cent sure that it was the creation of a government agency.

Successor of Stuxnet – Duqu was discovered in September 1 and since then all the major firms of security software are working together to crack its code. According to them, Duqu seems to be more sophisticated than Stuxnet.

Symantec said, Duqu got its name “because it creates files with the file name prefix ~DQ.” Leading security firms believes that Duqu was coded by the same people who coded Stuxnet. Symantec said, “parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.”

Although Dugu is identical to Stuxnet, it has a totally different purpose. Unlike Stuxnet, which had codes related to industrial nuclear plants, Duqu does not have any such code, primarily it is a remote access Trojan (RAT). Duqu targets only some organizations for a specific asset, whereas Stuxnet targeted many systems looking for a specific target.

Symantec wrote on its website, “Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party.”

Adam Wosotowsky, McAfee senior research analyst believes that the current propagation of the virus Duqu might just be the start of a larger operation. He said, “This seems to be the reconnaissance phase of something much larger.” Wosotowsky believes that Duqu was created to target certain organizations and assets in Eastern Europe, Africa, India, and the Middle East.