New Duqu Variant Discovered in Iran

wiredmikey (1824622) writes "It's been an interesting week in developments related to Duqu, the complex cyber-espionage malware often referred to as "Son of Stuxnet." On Monday, Kaspersky Lab revealed details on what was a previously unknown programming language used in the "Duqu Framework", a portion of the Payload DLL used by the Trojan to interact with Command & Control (C&C) servers after the malware infects a system.

On Tuesday, Symantec came forward with details on a file that it recently received, which, after being analyzed, proved to be a new variant of W32.Duqu, the first new version of Duqu that Symantec has found this year. While the sample received by Symantec isn't the full code used in the threat, it's the key component needed to fully infect a system: the loader file that loads the full malware and stores it in an encrypted state on a system once it restarts.

The newly discovered Duqu variant came from Iran, Vikram Thakur, principal manager of Symantec Security Response, told SecurityWeek.

Information on the command and control server that the sample would potentially connect to was not available in the new file, Thakur said. "The author(s) changed the encryption algorithm they use to encrypt the other components on disk. Also, the driver was changed to evade AV coverage. That leads us to believe development of Duqu is still ongoing."

While Duqu is assumed to have been created by the same authors as Stuxnet, it does not, unlike Stuxnet, contain any components that attempt to control industrial control systems; instead it is primarily a remote access Trojan (RAT) designed to collect intelligence data and assets, possibly for use in future attacks."
