
[ISN] 7 Facts On Duqu Malware Attacks


By Mathew J. Schwartz
November 16, 2011

New information continues to emerge about the Duqu malware that was designed to steal information relating to industrial control systems.

The latest analysis of the Duqu malware has found that one of the components used in the attack was compiled in 2007. But Duqu was used in a targeted attack as recently as April 2011, pointing to a possible four-year attack campaign by Duqu's authors, whose identities and affiliations remain unknown.

What is known, however, is that to date, Duqu has infected organizations in at least eight countries--including Iran--in part by using a still-unpatched Windows zero-day vulnerability. Furthermore, as researchers continue to study Duqu variants, these findings have emerged:

1. Duqu was a boutique exploit.

To date, researchers have discovered "12 unique sets of Duqu files," said Alexander Gostev, chief security expert at Kaspersky Lab and author of a recent Duqu report. That's significant, since "for every victim, a separate set of attack files was created," he said via email.

