berbagi-itu-indah-dan-menyenangkan

12 April, 2004

Next Generation "DuQu"


The Stuxnet cyberworm could soon be modified to attack vital industrial facilities in the US and abroad, cybersecurity experts warned Wednesday at a Senate hearing.

Computer security companies agree that these viruses are unprecedented and that they mark the dawn of a new world. Stuxnet and Duqu were not designed to steal money or send spam but to sabotage plants and cause damage in industrial environments. Expect the appearance of additional copies.

The Stuxnet virus that attacked Iran's nuclear program can cripple the country's nuclear facilities for two years, a German computer expert announced on Wednesday, December 15, 2010.

From what researchers can tell, Duqu's mission is to gather intelligence data and assets from entities like industrial control system manufacturers, to more easily conduct a future attack against another third party.

According to Symantec, the next threat, dubbed “DuQu” because its code contains the string ~DQ, is a surveillance-based Trojan horse designed to relay information back to a command and control center. DuQu uses mock .jpg files along with other dummy files, all encrypted, to exfiltrate data. Unlike Stuxnet, which specifically damaged Siemens PCS 7 systems, DuQu appears to be only collecting information about the design of other industrial control systems. DuQu has an active lifetime of only about 36 days, probably to limit its discovery.

The Symantec report states “the threat was written by the same authors, or those that have access to the Stuxnet source code, and appears to have been created after the last Stuxnet file we recovered.” F-Secure’s Mikko Hypponen tweeted “Duqu’s kernel driver (JMINET7.SYS) is so similar to Stuxnet’s driver (MRXCLS.SYS) that our back-end systems actually thought it’s Stuxnet.”

At this time DuQu does not propagate and has been released only within targeted industries, although Symantec admits it may also be elsewhere and not yet discovered. The original compile dates on some of the variants of DuQu so far analyzed suggest it may have existed as far back as November 3, 2010. Stuxnet compile dates were between June 2009 and March 2010 and therefore pre-date DuQu.

