Stuxnet and Duqu are members of larger malware family, Kaspersky says

Kaspersky Lab alleges that infamous viruses Stuxnet and Duqu are members of a larger family of malware.

It had already been posited by security experts back in October that one of this year's more complex computer viruses — Duqu — was based on the same source code as last year's infamous (and highly sophisticated) Stuxnet worm designed to harm Siemens industrial controllers. Now, antivirus firm Kaspersky Lab is going one step further, saying that it has identified at least three other programs that appear to be using the same code base. The company has grouped all five pieces of malware into what it's calling the "Tilded" platform, so called because the developers were fond of using "~d" as filename prefixes. In fact, it wouldn't be unfair to call Tilded a full-fledged virus development platform unto itself: Kaspersky's director of research and analysis, Costin Raiu, calls it "a Lego set" that could be reassembled into virtually any form its creators so chose.

Though Stuxnet's developers have never identified themselves, it's widely believed that the worm could've been assembled by a government intelligence agency — possibly Israel or the United States — due to its level of sophistication, its unusual target, and its almost surgical means of infection and attack. And if Tilded is everything Kaspersky says it is, the men and women behind Stuxnet are sitting on an entire virus factory.