Duqu Developers not Same as Stuxnet Creators
Dell SecureWorks' Counter Threat Unit (CTU) research group, after studying the Duqu Trojan that was much discussed during October 2011, says that the developers of the malware are not the same people who coded Stuxnet, Help Net Security reported on October 28, 2011.
Reportedly, several weeks after the discovery of Duqu, the Trojan is still drawing the attention of security researchers worldwide, having been identified as the perpetrator of 4 attacks in Sudan and Iran.
Meanwhile, security researchers at a few prominent AV companies, such as Kaspersky and Symantec, said that Duqu is a variant of Stuxnet, the latter known for alarmingly bringing down Iranian nuclear plants. In particular, Kaspersky said that Duqu was a widely used piece of malware for executing personalized attacks to achieve select objectives, and that it could be customized per task, which was delegated gradually.
Moreover, Dell SecureWorks reports that Duqu, whose code is 300 KB in size compared with Stuxnet's 500 KB, may be the precursor to a future Stuxnet; although it resembles the original malicious program, it apparently has a different objective, namely collecting intelligence related to industrial control systems.
Also, both Stuxnet and Duqu have rootkit-like characteristics, one of them being the way the kernel-level driver is implemented, as well as the way it loads encrypted DLL files. Conspicuously, both pieces of malware use a driver-signing certificate belonging to the Taiwanese firm JMicron to sign their respective kernel files.
Nevertheless, unlike Stuxnet, Duqu does not use any zero-day flaw in its attack, nor does it appear to self-propagate. Most importantly, according to Dell SecureWorks, Duqu does not target any particular industry, which suggests that it was probably not meant to be a low-level, personalized malicious program and thus hard to handle like an APT (advanced persistent threat).
In the meantime, according to the security researchers, the malware's infection technique remains a mystery, which is unusual among mass-produced malicious programs, which rely heavily on e-mail and drive-by websites. Indeed, researchers have yet to retrieve the installer software, which would provide additional details about its source.
SPAMfighter News - 07-11-2011