Stuxnet may have up to 4 malware siblings made on the same platform

Stuxnet has been called the most sophisticated computer worm ever created. We know there are siblings to the malware which took down Iran’s nuclear centrifuges, but now Kaspersky Labs is saying there may be up to four other worms in the family tree.

In 2010, Stuxnet infiltrated Iran’s nuclear program. The highly capable malware targets an industrial control system called SCADA, which operates as a management tool for commercial-grade software and hardware. It shut down the equipment responsible for creating fuel for nuclear weapons, which Iranian president Mahmoud Ahmadinejad later admitted. In 2011, the Duqu virus was discovered and named as part of the Stuxnet family of malware, bringing the count up to two highly sophisticated worms.

According to a report by Reuters, Russian security company Kaspersky Labs has identified three others. When originally found, Kaspersky said Stuxnet was so mature it could have been made by an intelligence agency. Later, the United States and Israel were both blamed for its creation and eventual dispersal. Neither country has taken responsibility.

Though we don’t know what lab the worms originated from, the same one gave birth to both Stuxnet and Duqu as well as the three siblings. Kaspersky discovered this after observing the two viruses attempt to find the other three. Costin Raiu, the firm’s director of global research and analysis, explained that when the two are deployed, they search for registry keys that allow them to fully install their malware. Kaspersky found, however, that while searching for those keys, Stuxnet and Duqu were both also searching for three other keys. This means that the worms have siblings that work in tandem with them, strengthening their damaging power.

“It’s like a Lego set. You can assemble the components into anything: a robot or a house or a tank,” Raiu told Reuters.

Stuxnet specifically attacks equipment running on the Windows operating system. It can erase its tracks, pose as certificate-bearing legitimate software and multiply on its own. Duqu, on the other hand, acts as a Trojan, stealing data and potentially playing a role in the planning stages of an attack.

It’s not yet clear what the siblings can do, but it seems the existing sisters want a reunion.

via Reuters