'Son of Stuxnet' Worm Found in Europe
Duqu designed to gather information on industrial systems, Symantec says
By Rob Quinn,  Newser Staff
Posted Oct 20, 2011 5:44 AM CDT
Stuxnet was first detected at Iranian nuclear facilities around 18 months ago.   (AP Photo/IIPA,Ebrahim Norouzi)

(Newser) – A new computer virus found in Europe and the Middle East bears a strong resemblance to the Stuxnet worm that attacked Iran's nuclear facilities, security experts say, but the Duqu malware's target is still unclear. Security firm Symantec says Duqu appears to be designed to gather information on industrial control systems, while McAfee believes the malware was designed to attack Certificate Authorities, which issue the digital certificates that validate Internet sites, the Sydney Morning Herald reports.

For now, Duqu doesn't appear to be an attack of the kind that hit Iran, but "an attack in the making," a McAfee exec says. "It's someone using it for a reconnaissance step," but it could be weeks before its real target is known, he says. "Now we're starting to go out investigating, even today there were some examples where we're seeing it's live. In the next couple of weeks we'll see if it's active. Because we're now out looking, we're getting a lot more data on this."