Stuxnet, Duqu – sophisticated & modular

Recently, news reports of highly sophisticated computer viruses have emerged. One, the Stuxnet virus, attacks Programmable Logic Controllers (PLCs), and another, the Duqu trojan, steals data. The Stuxnet virus seems to be targeting Iran’s nuclear power plants, which draws suspicion on the United States and Israel. Kaspersky Lab, a Russian computer security company, has uncovered evidence that these two pieces of malware share the same platform. Kaspersky has named this platform “Tilded” because of the large number of files whose names begin with “~d”. The “Tilded” platform is sophisticated enough to support modular functionality: an attacker can build new “modules” and simply plug them in. The analogy used in the article was: “It’s like a Lego set. You can assemble the components into anything…”. Kaspersky also suspects that the “Tilded” platform was used to produce at least three additional pieces of malware, because the common components of Stuxnet and Duqu that search for each other also search for at least three other, still unknown, pieces of malware.

I found this article interesting, because this is espionage of the cyber-age. A country no longer has to send spies into a volatile situation. Nowadays, a country can effectively spy and inflict damage (both virtual and real) on another country by turning the victim’s own hardware against them – and all from the comfort of the attacker’s own “living room”. Furthermore, when it is a government-coordinated effort, the budget is large, the programming talent is high, and the resulting malware possesses immense sophistication. The reason I found this article particularly alarming is that this malware code went undetected for nearly a year, which not only indicates how stealthily it operated, but also how unprepared we are to detect and handle highly sophisticated malware. Also, other unsavory countries and lone hackers are likely to study this malware to improve the sophistication of their own cyber attacks, paralleling Bruce Schneier’s prediction of firewall ineffectiveness when he stated: “The effectiveness of firewalls will diminish… as malware writers catch on. This ‘tunnel-inside-and-play’ technique will only get worse.” Therefore, the effectiveness of antivirus software will diminish as the sophistication of malware writers improves – not to sound like a paranoid conspiracy theorist.