
Symantec Cautions about Stuxnet Offshoot

Security researchers at Symantec are warning of a new piece of malware that bears a stark resemblance to Stuxnet, the enigmatic computer virus that attacked Iran's nuclear installations, ZDNet.com reported on October 18, 2011.

Named W32.Duqu, the new malware is a remote access Trojan (RAT) that was apparently written by Stuxnet's creators or, at a minimum, by someone who knows Stuxnet's source code, Symantec states.

Symantec adds that it has confirmed the Duqu malware is nearly identical to Stuxnet but has an entirely different goal, Computerworld.com reported on October 18, 2011.

Duqu's objective is to collect confidential data and assets from its targets, which are generally manufacturers of industrial control systems, so that a future attack on another third party can be carried out more easily. The attackers are looking for details such as design files that they can use to mount a future attack against an industrial control facility, adds Haley, a Symantec specialist.

Haley also notes that Symantec's researchers have so far studied 2 versions of Duqu, each of which infected a system and downloaded onto it a remote-access program that let the strain take control of the infected PC and begin communicating with a central command-and-control (C&C) server. The researchers also found that one of the two strains planted an information-stealing Trojan that captured keystrokes and network maps. Duqu is designed to erase itself after 36 days on a system, the specialist explains, as SCMagazineUS.com reported on October 18, 2011.

Interestingly, the new malware is also being analyzed elsewhere, with other security researchers offering their views.

Security company McAfee, for instance, writes on its blog that even though the basic source code may be the same, Duqu does not have the PLC (Programmable Logic Controller)-hijacking capabilities of Stuxnet, the worm that preceded it. Like Stuxnet, Duqu loads encrypted Dynamic Link Libraries (DLLs) and drivers onto infected systems, and the injected code, along with many, if not all, of the tactics and encryption keys Duqu employs, is very similar to what Stuxnet used, the company claims. PCWorld.com reported this on October 19, 2011.


» SPAMfighter News - 10/27/2011
