
Kaspersky Lab argues same team built Stuxnet and Duqu

by Phil Muncaster

03 Jan 2012


Kaspersky Lab researchers have concluded that the Duqu malware discovered in the latter half of 2011 was indeed created by the same team that built the infamous Stuxnet worm, which is widely thought to have been aimed specifically at disrupting Iran's nuclear programme.

In a recent blog post, the firm's chief security expert Alexander Gostev argued that the same platform, dubbed "Tilded", was used by the team to create the two Trojans as well as other malware.

Key to the researchers' conclusions was an in-depth analysis of the drivers used for infecting systems with Stuxnet and Duqu.

In all, they found seven types of drivers with similar characteristics, but noted that for three of these there is no information on which malicious programs they were designed to be used with.

"The methods of dissemination of Stuxnet would have brought about a large number of infections with these drivers; and they can't be attributed either to the more targeted Duqu Trojan due to the compilation date," said Gostev.

"We consider that these drivers were used either in an earlier version of Duqu, or for infection with completely different malicious programs, which moreover have the same platform and, it is likely, a single creator-team."

The creators of Stuxnet and Duqu build a new version of the driver several times a year, changing parameters such as the registry key it uses, according to Kaspersky Lab.

The conclusions reached by Kaspersky Lab are at odds with those of some others in the security space, notably BitDefender, which argued that the aims of the two Trojans were too conflicting for them to have been built by the same team.

Do you agree?
