Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Spotted in Iran, trojan Duqu may not be "son of Stuxnet" after all (oh boy, tin foil hat time)

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread		 This topic is archived.
Home » Discuss » General Discussion Donate to DU
 
DainBramaged Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-27-11 01:53 PM
Original message
Spotted in Iran, trojan Duqu may not be "son of Stuxnet" after all (oh boy, tin foil hat time)
A year after the Stuxnet worm targeted industrial systems in Iran and surprised security researchers with its sophistication, a new Trojan called Duqu has spread through the wild while being called the “Son of Stuxnet” and a “precursor to a future Stuxnet-like attack.” Researchers from Symantec say Duqu and Stuxnet were likely written by the same authors and based on the same code.

But further analyses by security researchers from Dell suggest Duqu and Stuxnet may not be closely related after all. That’s not to say Duqu isn’t serious, as attacks have been reported in Sudan and Iran. But Duqu may be an entirely new breed, with an ultimate objective that is still unknown.

A report yesterday from Dell SecureWorks analyzing the relationship to Stuxnet casts doubt on the idea that Duqu is related. For example, Dell says:

•Duqu and Stuxnet both use a kernel driver to decrypt and load encrypted DLL (Dynamic Load Library) files. The kernel drivers serve as an "injection" engine to load these DLLs into a specific process. This technique is not unique to either Duqu or Stuxnet and has been observed in other unrelated threats.
•The kernel drivers for both Stuxnet and Duqu use many similar techniques for encryption and stealth, such as a rootkit for hiding files. Again, these techniques are not unique to either Duqu or Stuxnet and have been observed in other unrelated threats.
And while Stuxnet and Duqu each “have variants where the kernel driver file is digitally signed using a software signing certificate,” Dell says this commonality is insufficient evidence of a connection “because compromised signing certificates can be obtained from a number of sources.”

http://arstechnica.com/business/news/2011/10/spotted-in-iran-trojan-duqu-may-not-be-son-of-stuxnet-after-all.ars


These trojans aren't your garden variety 'pay me right fucking now or you'll never be able to use your computer again' trojans. These are more sinister. The Government made variety, even above the mentality of cave dwellers to comprehend....
Printer Friendly | Permalink |  | Top
StandingInLeftField Donating Member (382 posts) Send PM | Profile | Ignore Thu Oct-27-11 02:12 PM
Response to Original message
1. It's coming, and when it does, it will be hard and fast.
Sounds like a porno flick?

I wish!
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to add this author to your Ignore list Thu Apr 18th 2024, 02:47 PM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » General Discussion Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC