Thread: After Stuxnet, its Duqu now!
03-09-2012, 06:45 PM #1
- Join Date
- Jul 2010
- Blog Entries
- Thanked 105 Times in 55 Posts
After Stuxnet, its Duqu now!
Artificial intelligence in the form of worms and malwares is the latest weapon in the cyber warfare. Few times back, we had seen how stuxnet had created havoc in Iran by affecting SCADA systems and damaging the nuclear program. Duqu is the new in the making, a new weapon in the cyber arena. Duqu is a sophisticated Trojan which seems to have been written by the same people who created the infamous Stuxnet worm. Its main purpose is to act as a backdoor into the system and facilitate the theft of private information.
Duqu is a sophisticated Trojan which seems to have been written by the same people who created the infamous Stuxnet worm. Its main purpose is to act as a backdoor into the system and facilitate the theft of private information. Duqu infects a computer through a targeted attack involving a Word document which exploits the CVE-2011-3402 vulnerability. This is a 0-day vulnerability in the Windows kernel component Win32k.sys which allows the attackers to run code with the highest privilege level, bypassing pretty much most of the protection mechanisms from Windows or security software. According to our knowledge, Duqu is the only malware using this vulnerability to infect computers. All Kaspersky Lab security solutions detect this vulnerability under the name Exploit.Win32.CVE-2011-3402.a as of November 6, 2011. Duqu was brought to the attention of the security community by the Hungarian Research Lab CrySyS. They were the first to point out the resemblance to Stuxnet and perform what remains the most thorough analysis of the malware yet.
The first Duqu attacks were spotted as early as mid-April 2011. The attacks continued in the following months, until October 18, when news about Duqu was made public.It appears that there are at least seven variants of the Duqu drivers, together with a few other components. These are all detected with different names by various anti-virus companies, creating the impression that there are multiple different variants.Its still uncertain which language have been used to code it though kasperlab researcher found that Duqu’s Payload library (DLL) looks like a common Windows PE DLL compiled in Microsoft’s Visual Studio 2008. Lets uncover the mystery and find the truth. Till then stay tuned with us !
Source: http://blog.secfence.com/2012/03/aft...-its-duqu-now/The three great essentials to achieve anything worth while are: Hard work, Stick-to-itiveness, and Common sense. - Thomas A. Edison
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
06-19-2012, 09:30 PM #2
- Join Date
- Jun 2012
- Unkn0wn City,Unkn0wn State,Unkn0wn Country,Unkn0wn Continent,PLanet Eart,Milkyway Galaxy,Virgo Super
- Thanked 3 Times in 3 Posts
even AV companies are stiil not confirm in which language it is coded.