A new strain of malware with close ties to the notorious Stuxnet has emerged. Symantec reports that Duqu shares some of Stuxnet’s codebase, indicating either that it comes from the same developers, or that it has been developed by someone with access to Stuxnet.
Sophos notes that it’s too early to make any absolute determinations about the origins of Duqu: who created it, and why. But the history of Stuxnet – which some believe was created by the US or Israeli military specifically to target Iranian systems – means that any variant is going to attract a great deal of attention.
It’s reportedly the driver files’ signatures that provide the strongest link to Stuxnet. There are many elements of the original Stuxnet release that are still something of a mystery to analysts, and Duqu adds some more layers to that mystery. It will take time to work out exactly what Duqu is and how it is being deployed.