I’m sure you are all familiar with the Stuxnet computer virus, but for those who are not clear on how it works, it was essentially a virus that was designed to mess up Iran’s nuclear weapons/energy infrastructure. Once it got into the computers at Iranian nuclear facilities, it tweaked the rotation speed of uranium enrichment centrifuges. Speeding up or slowing down the spin of these centrifuges throws off the degree of enrichment that takes place, in the end making the uranium useless for initiating a nuclear chain reaction. See the graphic below:
However, there is also a Trojan virus called Duqu making the rounds. Duqu infiltrates computers by making use of a Windows kernel exploit, then installs itself on the computer, bundles information on the hard drive, encrypts it, and sends that information off to places and personalities that are unknown at this time. Whoever is doing it has covered their tracks exceedingly well. According to Securelist.com, “We believe Duqu and Stuxnet were simultaneous projects supported by the same team of developers.”
The same report mentions that Stuxnet and Duqu were probably developed in tandem, with Duqu meant to facilitate the use of Stuxnet, presumably in an intelligence-gathering function that would help Stuxnet penetrate the Iranian computer systems. However, Duqu is still active, and with only fifty or so known cases of infected computers, it appears that Duqu is specifically targeting certain computers, in Iran but also in Sudan and Europe.
“When you invest as much money as was invested in Duqu and Stuxnet, it’s impossible to simply shut down the operation. Instead, you do what cybercriminals have learned to do through long experience – change the code to evade detection and carry on as usual,” writes Aleks for Securelist.
While its exact purpose remains a mystery, it seems that Duqu is still out there, prepping the battlespace and setting the conditions for the next Stuxnet-type attack on Iranian military interests.