Fresh Duqu Variant Emerges, Demonstrates Duqu Gang Active
According to security researchers at Symantec, the gang controlling and operating the Duqu Trojan appears to be continuing its attacks, changing the components of the information-stealing malware as it targets new victims.
Reportedly, the most recent Duqu driver was collected in February 2012, more than four months after Duqu was first identified as a previously unseen piece of malware with striking similarities to Stuxnet. Stuxnet, incidentally, is the worm that attacked Iranian nuclear plants.
Meanwhile, Duqu comprises many modules and drivers capable of infecting users' computers, taking commands from remote command-and-control (C&C) servers and stealing highly sensitive data. Rather than developing one malicious program with the features needed to infect many victims, researchers believe the drivers of the new Duqu variant are being customized and paired with distinct modules for each separate target.
On March 19, 2012, Symantec's Security Response group tweeted that it had discovered a freshly collected #Duqu driver, mcd9x86.sys, in February 2012, with no new features, showing that the Stuxnet attackers remained very much active. Securitywatch.pcmag.com reported this on March 20, 2012.
Kaspersky, the security company, pointed to a further sign that the Duqu criminal gang remains highly active. Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab, states that the most recent Duqu version was created to evade detection by the open-source Duqu detection toolkit released by CrySyS Lab. Zdnet.com published this on March 20, 2012.
Raiu observed that anyone who had spent as much money as was spent on Stuxnet or Duqu to develop such a flexible framework could not simply discard it and start afresh. According to him, his team had always said that new Stuxnet/Duqu versions would most probably be built on that same platform, but with characteristics different enough to make them undetectable by anti-malware programs, as is currently the case. Pcworld.com published this on March 20, 2012.
Indeed, researchers remark, the latest developments suggest that Duqu's creators are confident their malware will never be attributed to them, and that public awareness of the Trojan has not deterred them.
» SPAMfighter News - 27-03-2012