
Thread: After Stuxnet, it's Duqu now!

  1. #1
    Security Analyst prashant_uniyal

    After Stuxnet, it's Duqu now!



    Artificial intelligence in the form of worms and malware is the latest weapon in cyber warfare. Some time back, we saw how Stuxnet created havoc in Iran by affecting SCADA systems and damaging the nuclear program. Duqu is the new one in the making, a new weapon in the cyber arena.

    Duqu is a sophisticated Trojan which seems to have been written by the same people who created the infamous Stuxnet worm. Its main purpose is to act as a backdoor into the system and facilitate the theft of private information. Duqu infects a computer through a targeted attack involving a Word document which exploits the CVE-2011-3402 vulnerability. This is a 0-day vulnerability in the Windows kernel component Win32k.sys which allows the attackers to run code with the highest privilege level, bypassing pretty much most of the protection mechanisms from Windows or security software. According to our knowledge, Duqu is the only malware using this vulnerability to infect computers. All Kaspersky Lab security solutions detect this vulnerability under the name Exploit.Win32.CVE-2011-3402.a as of November 6, 2011. Duqu was brought to the attention of the security community by the Hungarian Research Lab CrySyS. They were the first to point out the resemblance to Stuxnet and perform what remains the most thorough analysis of the malware yet.

    The first Duqu attacks were spotted as early as mid-April 2011. The attacks continued in the following months, until October 18, when news about Duqu was made public. It appears that there are at least seven variants of the Duqu drivers, together with a few other components. These are all detected with different names by various anti-virus companies, creating the impression that there are multiple different variants. It's still uncertain which language has been used to code it, though a Kaspersky Lab researcher found that Duqu's Payload library (DLL) looks like a common Windows PE DLL compiled in Microsoft's Visual Studio 2008. Let's uncover the mystery and find the truth. Till then, stay tuned with us!

    Source: http://blog.secfence.com/2012/03/aft...-its-duqu-now/
    The three great essentials to achieve anything worth while are: Hard work, Stick-to-itiveness, and Common sense. - Thomas A. Edison

  2. #2
    Garage Member H@CK3R_ADI
    Even AV companies have still not confirmed in which language it is coded.
