Information Security News mailing list archives

7 Facts On Duqu Malware Attacks


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 17 Nov 2011 04:40:07 -0600 (CST)

http://www.informationweek.com/news/security/attacks/231903138

By Mathew J. Schwartz
InformationWeek
November 16, 2011

New information continues to emerge about the Duqu malware that was designed to steal information relating to industrial control systems.

The latest analysis of the Duqu malware has found that one of the components used in the attack was compiled in 2007. But Duqu was used in a targeted attack as recently as April 2011, pointing to a possible four-year attack campaign by Duqu's authors, whose identities and affiliations remain unknown.

What is known, however, is that to date, Duqu infected organizations in at least eight countries--including Iran--in part by using a still-unpatched Windows zero-day vulnerability. Furthermore, as researchers continue to study Duqu variants, these findings have emerged:


1. Duqu was a boutique exploit.

To date, researchers have discovered "12 unique sets of Duqu files," said Alexander Gostev, chief security expert at Kaspersky Lab and author of a recent Duqu report. That's significant, since "for every victim, a separate set of attack files was created," he said via email.

[...]



