The digital hunt for duqu, a dangerous and cunning u. A common characteristic of stuxnet, duqu, flame, and gauss is that they hav e all been activ e for. Anyone can download stuxnet the source code is out there so its a natural assumption if the source code matches large parts that the creators of duqu had access to it and used it. Duqus precise relation to stuxnet remained a mystery when the group behind it went dark in. While its exact purpose remains a mystery, it seems that duqu is still out there, prepping the battlespace and setting the conditions for the next stuxnettype attack on iranian military interests. Stepson of stuxnet stalked kaspersky for months, tapped. The threat was written by the same authors or those that have access to the stuxnet source. Multiple duqu variants have reportedly been identified, though functional similarities between all the variants have yet to be confirmed. A complete guide to flame, the malicious computer virus. The structure of duqu is very similar to that of stuxnet using portable executable format resources. The duqu command and control protocol implements many of the same features as tcp and is a reliable transport protocol.
Stuxnet and duqu belonged to a single chain of attacks, which raised cyberwar related concerns worldwide, said eugene kaspersky, ceo and. Our duqu detector toolkit has been downloaded from more than 12,000 distinct ip addresses distributed over 150 countries. Flame, these researchers say, shares several notable features with two other major programs that targeted iran in recent years. New duqu version discovered in wild by symantec security. A new derivative of stuxnet, dubbed duqu is now making the. Cyberwarfare in the united states flame malware list of cyber attack threat. Duqu, son of stuxnet raises questions of origin and intent. Duqu is a collection of computer malware discovered on 1 september 2011, thought to be. Unlike stuxnet, duqu s payload appears to be related to information gathering. There is no industrial control systemspecific attack code in duqu.
Development timeline key to linking stuxnet, flame malware both used the same zeroday windows bugs, say experts, but the devil is in the chronology. The fact that the newly discovered duqu worm has portions of stuxnet code has led many security researchers to call it stuxnet 2. A stuxnetlike malware found in the wild request pdf. Both duqu and stuxnet use a kernel driver to decrypt and load certain encrypted files on the infected computer. In 2010, the stuxnet malware gained global notoriety as a weapon of cyberwar against iran. Symantec believes that duqu was created by the same authors as stuxnet, or that the authors. Once a system is infected, flame can spread to other systems over a local network or via usb stick. Nailing down a timeline for the development of flame, the supercyber.
Download duqu the document management system for free. Details emerge all three pieces of malware seemingly commissioned by the same entity and developed on the same platform, but by. Duqu has been targeted at industrial equipment manufacturers, illegally collecting information. Unlike stuxnet, duqu doesnt target plcscada equipment directly. And flame is a universal attacking tool kit used mostly for cyber espionage. However, duqu is also capable of encapsulating its command protocol over standard application layer protocols.
Flame, also known as flamer, skywiper, and skywiper, is modular computer malware. Development timeline key to linking stuxnet, flame malware. The primary infection vector is a malicious microsoft word document, which exploits a zeroday vulnerability in microsoft windows cve201402. It can record audio, screenshots, keyboard activity and network traffic. So there are so things that flame shares in common with stuxnet and duqu, and these are the vulnerabilities that are used by both types of malware. Stuxnet and duqu belonged to a single chain of attacks, which raised cyberwarrelated concerns worldwide, said eugene kaspersky, ceo and. Details emerge all three pieces of malware seemingly commissioned by the same entity and developed on the same platform, but by different groups of. Duqu is a remote access trojan rat that steals data from computers it infects. Our duqu detector has been downloaded from more than 12,000.
Like the previously known cyber weapons stuxnet and duqu, it is employed in. The duqu worm, the close cousin to the stuxnet worm that was first discovered in september 2011, is. Duqu is a system, which allows you to store a width range of documents and index them. Analysis of the flame worm win32flamer reveals some interesting facts about the internal structure of its main module. Meet flame, the massive spy malware infiltrating iranian. Duqu is capable of using its command and control protocol over port 443. Stepson of stuxnet stalked kaspersky for months, tapped iran nuke talks. The next tale in the stuxnet files help net security. This virus is definitely related to those two,which infected iranian nuclear computer.
Stuxnet was possibly the most complex attack of this decade, and we expected that similar attacks would appear in. W32 duqu s source code appears to be closely related to that of stuxnet. Duqu, stuxnet worms may come from different authors. The kernel driver serves as an injection engine for. In this paper, we will first present our analysis of duqu, an informationcollecting malware sharing striking similarities with stuxnet. A blog post from symantec explains, duqu is essentially the precursor to a future stuxnet like attack. The pandoras box of stuxnet, duqu, and flame pcworld. Researchers link flame virus to stuxnet and duqu the new. In the wake of stuxnet, two new threats have emerged which bear many similarities to stuxnet and appear to rely on stuxnet as a foundation.
1428 293 1128 448 2 1018 1010 252 355 1358 797 48 908 38 257 996 536 96 1528 107 1637 1265 1660 990 780 497 903 1257 1211 1562 1669 315 1027 973 984 1314 595 1384 272 1261 35 779 1460 847 689