Kaspersky on Duqu: same author, but wider industrial espionage agenda

14 November 2011

The latest monthly analysis of security threats by Kaspersky Lab concludes that, while the Duqu malware discovered last month has parallels with Stuxnet, it has a different agenda in terms of harvesting information.

According to the Moscow-headquartered IT security vendor, the striking parallels between the two malicious programs suggest they were either both written by the same group of people or that the Stuxnet source code – which has not been made publicly available – was used in its creation.

The bad news, however, is that there are significant differences between the two programs: according to Kaspersky, Duqu contains no functionality targeting industrial systems, as was the case with Stuxnet.

“As well as the main module, the Duqu files include an additional trojan-spy module capable of intercepting data entered via the keyboard, capturing screenshots, gathering information about the system etc.”, says the report, adding that this all suggests industrial espionage is its primary aim.

Alexander Gostev, Kaspersky’s chief security expert, said that further investigation has managed to identify new Duqu victims, primarily in Iran, which once again echoes the parallels with Stuxnet.

“We also found new and previously unknown Duqu files. This confirms our suspicions that the people behind Duqu are continuing their activity, and that their attacks, unlike the mass infections by Stuxnet, target carefully selected victims”, he said.

“A unique set of files is used for every targeted attack. It is also possible that other modules are used, and not just a Trojan-Spy but modules with a range of other functions”, he added.

Duqu wasn’t the only malware seen during October, as Kaspersky says that the total number of malicious programs for Android outstripped that for Java 2 Micro Edition (J2ME) for the first time. This is despite malware for J2ME being the most prevalent among mobile threats for over two years.

“The fact that the growth in malware for Android has increased so dramatically indicates that for the time being the virus writers will most probably be concentrating on this operating system”, warned Denis Maslennikov, Kaspersky’s senior malware analyst.

The Apple Mac platform was also targeted during the month, with the arrival of Trojan-Downloader.OSX.Flashfake.d, a new version of the Flashfake trojan for Mac OS X that masquerades as an Adobe Flash Player installation file.

Like its predecessors, Kaspersky says, the trojan’s main function is to download files, although new functionality has been added that disables the Mac’s built-in protection system XProtect – a simple signature scanner that is updated on a daily basis.
