TheJakartaPost

Industries brace for precursor to Stuxnet-like attack

When Stuxnet made headlines globally last year, security experts suspected that there was another component of the computer malware that was aimed at spying on information before an attack was launched against an industrial-automation system.

Andi Haswidi (The Jakarta Post)
Jakarta
Fri, October 21, 2011

When Stuxnet made headlines globally last year, security experts suspected that there was another component of the computer malware that was aimed at spying on information before an attack was launched against an industrial-automation system.

The proof of such a component, or something similar to it, was revealed by Symantec Corporation, the world’s largest security software maker, earlier this week after it received a sample dubbed Duqu [dyü-kyü] from an unidentified research lab.

Symantec says in its blog that Duqu shares a large amount of code with Stuxnet, but with a completely different payload. Instead of being designed to sabotage an industrial-control system, it has been given a payload that is armed with remote access and spying capabilities.

“Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors, or those that have access to the Stuxnet source code, and appears to have been created after the last Stuxnet file we recovered,” the blog says.

Most experts studying Stuxnet believe that judging from the complexity of the programming, only a nation state would have the capacity to produce such a malicious system.

Further analysis of Stuxnet’s payload also revealed that it was designed specifically to target Siemens industrial software and hardware systems running on Microsoft Windows. More specifically, the malware targeted Siemens systems used by Iran’s nuclear-enrichment program, prompting speculation that Israel and the US were behind what became the world’s first weapon built entirely from code.

In September, Iran reported that 30,000 industrial computers in the country had been infected by Stuxnet, but denied the attacks had undermined its nuclear-energy program. On Nov. 29, 2010, Iranian President Mahmoud Ahmadinejad finally confirmed that a computer virus had caused problems with the controller handling the centrifuges at its Natanz nuclear facilities.

Although the creators of Stuxnet appear to be targeting a specific industrial system, security experts believe that the powerful cyber weapon is open to tinkering by any party through a reverse-engineering process, thus posing a threat to critical infrastructure such as power plants, airports, dams and traffic control systems — not to mention factories.

In Indonesia, although a high proportion of industrial-automation systems in the country rely on Siemens products, many doubt that such a threat would materialize. However, considering that the country is the second most infected by Stuxnet after Iran, the question arises whether downplaying such a threat is the right way forward.

A study of the spread of Stuxnet by Symantec in the early days of the infection showed that 18.22 percent of computers in Indonesia were affected, below Iran with 58.55 percent and above India with 8.31 percent.

It is still a mystery why Indonesia became so heavily infected, but experts believe that the use of portable-storage media like flash drives as a medium for data exchange, coupled with generally weak computer-security management, fueled the spread of the self-replicating malware in the country.

Compared with Stuxnet, the threat Duqu poses to local industries is considerably higher, as its purpose is solely to gather intelligence data and assets from industrial-control system manufacturers in order to more easily conduct a future attack.

Symantec said that the Duqu threat had been highly targeted toward a limited number of organizations for their specific assets. “However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants,” it concluded.

When Symantec published its report on Tuesday, the company had just recovered additional variants from an organization in Europe with a compilation date of Oct. 17, 2011. These variants have not yet been analyzed.

This story is part of a series on computer security threats.
