W32.Duqu: The Precursor to the Next Stuxnet
Authors
Abstract
On October 14, 2011, we were alerted to a sample by the Laboratory of Cryptography and System Security (CrySyS) at Budapest University of Technology and Economics. The threat appeared very similar to the Stuxnet worm from June of 2010 [1]. CrySyS named the threat Duqu [dyü-kyü] because it creates files with the file name prefix “~DQ” [2]. We confirmed Duqu is a threat nearly identical to Stuxnet, but with a completely different purpose of espionage rather than sabotage.
Similar resources
Duqu: Analysis, Detection, and Lessons Learned
In September 2011, a European company sought our help to investigate a security incident that happened in their IT system. During the investigation, we discovered a new malware that was unknown to all mainstream anti-virus products; however, it showed striking similarities to the infamous Stuxnet worm. We named the new malware Duqu, and we carried out its first analysis. Our findings led to the...
Preparing for Cyber-attacks on Air Traffic Management Infrastructures: Cyber-safety Scenario Generation
Malware poses a growing threat to a host of safety-critical systems that depend on common software components, including the Linux operating system and the Internet Protocol (IP). Threats include ‘mass market’ malware that is not deliberately aimed at safety-related systems. They also include more sophisticated techniques exploited by W32.Stuxnet, W32.Duqu, W32.Flame etc. Previous work in this ...
The Cousins of Stuxnet: Duqu, Flame, and Gauss
Stuxnet was the first targeted malware that received worldwide attention for causing physical damage in an industrial infrastructure seemingly isolated from the online world. Stuxnet was a powerful targeted cyber-attack, and soon other malware samples were discovered that belong to this family. In this paper, we will first present our analysis of Duqu, an information-collecting malware sharing ...
Worm Detection without Knowledge Base in Industrial Networks
A sophisticated worm, namely Stuxnet, attacked Iran nuclear facilities in 2010. This incident, together with newly found similar worms, e.g., Duqu, Flame, Gauss, highlights the cyber threat in industrial networks. These worms are highly targeted and are carefully tested before being released. They are difficult to detect with current security products, as there is no knowledge about them when ...
FuncTracker: Discovering Shared Code to Aid Malware Forensics
Malware code has forensic value, as evident from recent studies drawing relationships between creators of Duqu and Stuxnet through similarity of their code. We present FuncTracker, a system developed on top of Palantir, to discover, visualize, and explore relationships between malware code, with the intent of drawing connections over very large corpora of malware – millions of binaries consisting ...