Symantec Cautions about Stuxnet Offshoot
Security researchers at Symantec are warning of a new piece of malware that bears striking resemblances to Stuxnet, the enigmatic computer virus that attacked Iran's nuclear installations, Zdnet.com reported on October 18, 2011.
Named W32.Duqu, the new malware is a RAT (remote access Trojan) that was apparently coded by the creators of Stuxnet, or at the very least by somebody with access to Stuxnet's source code, Symantec states.
Symantec adds that it has confirmed that Duqu closely resembles Stuxnet but has an entirely different goal, Computerworld.com reported on October 18, 2011.
Duqu's objective is to collect confidential data and assets from its targets, which are generally manufacturers of industrial control systems, so that a future attack on yet another third party can be carried out more easily. The attackers are looking for details such as design documents with which they could mount a future attack against an industrial control facility, Haley, a Symantec specialist, adds.
Haley also notes that Symantec's researchers have so far studied two variants of Duqu, each of which targeted a system and downloaded onto it a remote-access program that let the strain take control of the infected PC and begin communicating with a central C&C (command-and-control) server. The researchers also found that one of the two strains installed an information-stealing Trojan that captured network maps and keystrokes. Duqu is designed to erase itself after 36 days on a system, the specialist explains, SCMagazineUS.com reported on October 18, 2011.
Interestingly, the new malicious program is being analysed elsewhere too, with other security researchers presenting their views.
Security company McAfee, for instance, writes in its blog that even though the underlying source code may be identical, Duqu does not have the PLC (Programmable Logic Controller)-hijacking capabilities of Stuxnet, the worm that preceded it. Like Stuxnet, Duqu loads encrypted Dynamic Link Libraries (DLLs) and drivers onto infected systems, and the injected code, along with many if not all of the techniques and encryption keys Duqu uses, closely resembles those used by Stuxnet, the company claims, PCWorld.com reported on October 19, 2011.
SPAMfighter News - 27-10-2011