More malware created by Stuxnet team says Kaspersky

Kaspersky Lab researchers say the creators of Stuxnet and Duqu may have created other malware

Kaspersky researchers found similarities between Stuxnet and Duqu drivers, and other drivers not yet linked to specific malware.
By Mark Sutton. Published January 16, 2012

Kaspersky Lab has reported that it believes the cybercriminals behind the Duqu and Stuxnet trojans may have created other malicious applications which have yet to be discovered.

Security experts from Kaspersky who were investigating the Duqu and Stuxnet trojans, used to attack Iran's nuclear research programme, found similarities between drivers and other features of the malware. The researchers believe that the creators of both trojans used a single platform, dubbed 'Tilded' because of its creators' tendency to use files that start with the tilde symbol (~).

Kaspersky Lab then found similarities with another driver that was compiled one year before the Stuxnet drivers, although it was only discovered last year. Following that discovery, the company's researchers uncovered a total of seven types of drivers that displayed similar characteristics. For three of the seven, no information has been uncovered to show what malware they were used with.

Kaspersky's researchers believe that these three drivers were used either with an earlier version of Duqu or with malware that has not been revealed so far, and that a single team was responsible for their creation. The researchers also believe that the team creates new drivers several times each year, for loading the main module of the malicious program.

Alexander Gostev, chief security expert at Kaspersky Lab, commented: "The drivers from the still unknown malicious programs cannot be attributed to activity of the Stuxnet and Duqu Trojans. The methods of dissemination of Stuxnet would have brought about a large number of infections with these drivers; and they can't be attributed either to the more targeted Duqu Trojan due to the compilation date. We consider that these drivers were used either in an earlier version of Duqu, or for infection with completely different malicious programs, which moreover have the same platform and, it is likely, a single creator-team."
