Saturday, November 12, 2011

Kaspersky Lab warns of new Stuxnet-like malware called “DUQU”

Kaspersky Lab, a leading developer of secure content and threat management solutions, has released a warning of a new malicious program with similarities to the Stuxnet worm, which attacks computers that control industrial equipment, specifically those that are used for nuclear power plants.
Kaspersky Lab engineers identified the new worm as “Duqu,” first detected in September 2011 after a user from Hungary uploaded components of Duqu to a malware-analysis website. Kaspersky Lab engineers then found other components being uploaded, which allowed them to compare the new worm to Stuxnet.

Though there are some overall similarities between the two worms Duqu and Stuxnet, there are also significant differences.

Shortly after several variants of Duqu had been found, the Kaspersky Lab experts started to track in real time infection attempts by the worm among users of the cloud-based Kaspersky Security Network (KSN). What was surprising was that during the first 24 hours, only one system had been infected by the worm.

Stuxnet, on the other hand, infected tens of thousands of systems all around the world; it is assumed, however, that it had a single ultimate target: industrial control systems used in Iran’s nuclear programs. The ultimate target of Duqu remains alarmingly unknown.

Analysis by Kaspersky Lab experts showed that Duqu apparently gathers information about the infected machine and also tracks keystrokes made on its keyboard.

Alexander Gostev, chief security expert at Kaspersky Lab, notes that despite the similarities to Stuxnet, they are still unable to find out Duqu’s real target. While Stuxnet targeted thousands of PCs that could control industrial equipment, Duqu has attacked only one so far.

“We’ve not found any instances of infections of computers of our clients with the Trojan-Spy module of Duqu. This means that Duqu may be aimed at a small quantity of specific targets, and different modules may be used to target each of them,” Gostev said.

Gostev said that one problem Kaspersky Lab is aiming to solve is the initial method of penetration of Duqu into a system.

"One of the yet-to-be-solved mysteries of Duqu is its initial method of penetration into a system: the installer or “dropper” needed for this has not yet been found. The hunt for this module of Duqu continues, and it is specifically this module that will help us in finding the ultimate target of this malicious program," he said.

Stuxnet was among the most infamous malware found so far as it was claimed to target specific industrial equipment that operated nuclear power plants, particularly those in Iran. It was considered a major weapon for cyber warfare.


Cedric Lee said...

whoa this one's bad.

Lazarus said...

never heard of that one
