Stuxnet had five cousins

Russian computer security outfit Kaspersky Lab said that the Stuxnet virus that damaged Iran’s nuclear programme was likely to be one of at least five cyber weapons developed on a single platform.

The security boffins have tracked the development of the virus back to 2007.

Stuxnet has already been linked to another virus called Duqu, but Kaspersky’s research suggests the cyber weapons program that targeted Iran may be far more sophisticated.

Kaspersky’s director of global research, Costin Raiu, told Reuters that the platform that was used to build Stuxnet and Duqu was also used to create at least three other pieces of malware.

The platform is made up of software modules designed to lock together, each with different functions. It means that developers can build new cyber weapons by simply adding and removing modules, he said.

Raiu said that the platform used to create Stuxnet was like Lego. He has dubbed it “Tilded” because many of the files in Duqu and Stuxnet have names beginning with the tilde symbol “~” and the letter “d.”

So far, Kaspersky has not found any new types of malware built on the Tilded platform, Raiu said, but the company is fairly certain that they exist. Shared components of the program appear to search for their relatives.

That search uses at least three other unique registry keys, which suggests that the developers of Stuxnet and Duqu also built at least three other pieces of malware using the same platform, he said.

Kaspersky believes that Tilded traces back to at least 2007 because some of the code was compiled on August 31, 2007.