A virus has been discovered on computer systems in Europe that is similar to Stuxnet, the worm found on Iranian nuclear control systems last year.
Duqu, which was detetected by a research lab with links to security software vendor Symantec, is designed to gather intelligence and assets from organisations including as industrial control system manufacturers, possibly in order to detect weaknesses against cyber attack.
"The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility," the Symantec blog post said.
Duqu uses fake image files to steal information from compromised systems and sent it to a command and control server that is still operational, according to Symantec.
Unlike Stuxnet, Duqu does not self-propagate, and is not designed to sabotage industrial systems. In fact, the virus has a 36 day self-destruct mechanism built into it, probably to help prevent its discovery. The most recent version of Duqu was compiled on Monday of this week.
F-Secure’s Mikko Hypponen tweeted that "Duqu’s kernel driver (JMINET7.SYS) is so similar to Stuxnet’s driver (MRXCLS.SYS) that our back-end systems actually thought [it was] Stuxnet."
Symantec concludes that the data which Duqu is shipping out of the infected systems "may be used to enable a future Stuxnet-like attack".
The Stuxnet worm was designed to sabotage supervisory control and data acquisition (SCADA) systems made by German technology giant Siemens, and was targetted at nuclear power plants in Iran.
This prompted fears that hackers could take control of nuclear facilities, although the dominant theory is that US and Israeli intelligence forces had a hand in its creation. In February, the Daily Telegraph reported that a video played at the retirement party of an Israeli Lieutenant General depicted Stuxnet among images of his professional achievements.