  1. #1

    Duqu, A New Malicious Program Suspected to be by the Creators of Stuxnet

    It would appear that Stuxnet was only the beginning; a New York Times article (based off of a Symantec post and white paper) has this to say:

    The designers of Stuxnet, the computer worm that was used to vandalize an Iranian nuclear site, may have struck again, security researchers say. . .

    The researchers say the new malicious program, which they call Duqu, is intended to steal digital information that may be needed to mount another Stuxnet-like attack.

    The researchers, at Symantec, announced the discovery on the company’s Web site on Tuesday, saying they had determined that the new program was written by programmers who must have had access to Stuxnet’s source code, the original programming instructions.

    “Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party,” the Symantec researchers said. “The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.”

    They said the Duqu program was found in Europe in a narrowly limited group of organizations, “including those involved in the manufacturing of industrial control systems.”

    In contrast to Stuxnet, Duqu has been found in only a handful of organizations to date. The program is designed to last 36 days and then remove itself from the system it infected.

    Like Stuxnet, Duqu tries to prove its authenticity by using a stolen digital certificate, this one apparently taken from a Taiwanese company. Symantec officials were able to revoke the security certificate after it was discovered stolen because the company owns the VeriSign authentication service that controls the certificate infrastructure. . .

    The researchers identify a wide variety of similarities between Duqu and Stuxnet and said that the new program could not have been written without having access to the original programmer’s instructions. It has been previously noted that Stuxnet had both an attack capability as well as the ability to spy on the computers it infiltrated.

    Security researchers have argued that the Stuxnet attackers were able to gather valuable intelligence information about the Iranian nuclear program as well as damage the control equipment at Natanz.

    The Symantec researchers said they had not been able to determine how the Duqu code reached its target. Stuxnet used a wide range of system vulnerabilities, leading to speculation that it could have been written only by an organization with the resources of a national intelligence agency. Mr. Thakur said of Duqu, “This is extremely sophisticated, this is cutting edge.”
    If you are interested, Symantec has a page with links to articles on Duqu.
    “Nature uses as little as possible of anything.”
    - Johannes Kepler

  2. #2
    Thank you.
    A free removal tool is available here:
    http://www.duquremoval.com

    (from BitDefender and available for Win XP/Vista/7 x64, also)
    Roger and out

 

 
