Author Topic: DuQu virus spread around a Globe (".DQ", Stuxnet worm)  (Read 5929 times)


Samker

DuQu virus spread around a Globe (".DQ", Stuxnet worm)
« on: 29. October 2011., 09:28:39 »


Indian authorities seized computer equipment from a data center in Mumbai as part of an investigation into the Duqu malicious software that some security experts warned could be the next big cyber threat.

Two workers at a web-hosting company called Web Werks told Reuters that officials from India's Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu.

News of Duqu first surfaced last week when Symantec said it had found a mysterious computer virus that contained code similar to Stuxnet, a piece of malware believed to have wreaked havoc on Iran's nuclear program.

Government and private investigators around the world are racing to unlock the secret of Duqu, with early analysis suggesting that it was developed by sophisticated hackers to help lay the groundwork for attacks on critical infrastructure such as power plants, oil refineries and pipelines.

The equipment seized from Web Werks, a privately held company in Mumbai with about 200 employees, might hold valuable data to help investigators determine who built Duqu and how it can be used. But putting the pieces together is a long and difficult process, experts said.

"This one is challenging," said Marty Edwards, director of the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team. "It's a very complex piece of software."

He declined to comment on the investigation by authorities in India, but said that his agency was working with counterparts in other countries to learn more about Duqu.

Two employees at Web Werks said officials from India's Department of Information Technology came to their office last week to take hard drives and other parts from a server.

They said they did not know how the malware got on to Web Werks' server. "We couldn't track down this customer," said one of the two employees, who did not want to be identified for fear of losing their jobs.

An official in India's Department of Information Technology who investigates cyber attacks also declined to discuss the matter. "I am not able to comment on any investigations," said Gulshan Rai, director of the Indian Computer Emergency Response Team, or CERT-In.

UNLOCKING THE SECRET

Stuxnet is malicious software designed to target widely used industrial control systems built by Germany's Siemens. It is believed to have crippled centrifuges that Iran uses to enrich uranium for what the United States and some European nations have charged is a covert nuclear weapons program.

Duqu appears to be more narrowly targeted than Stuxnet as researchers estimate the new trojan virus has infected at most dozens of machines so far. By comparison, Stuxnet spread much more quickly, popping up on thousands of computer systems.

Security firms including Dell Inc's SecureWorks, Intel Corp's McAfee, Kaspersky Lab and Symantec say they found Duqu victims in Europe, Iran, Sudan and the United States. They declined to provide their identities.

Duqu -- so named because it creates files with "DQ" in the prefix -- was designed to steal secrets from the computers it infects, researchers said, such as design documents from makers of highly sophisticated valves, motors, pipes and switches.

Experts suspect that information is being gathered for use in developing future cyber weapons that would target the control systems of critical infrastructure.

The hackers behind Duqu are unknown, but their sophistication suggests they are backed by a government, researchers say.

"A cyber saboteur should understand the engineering specifications of every component that could be targeted for destruction in an operation," said John Bumgarner, chief technology officer for the U.S. Cyber Consequences Unit.

That is exactly what the authors of Stuxnet did when they built that cyber weapon, said Bumgarner, who is writing a paper on the development of Stuxnet.

"They studied the technical details of gas centrifuges and figured out how they could be destroyed," he said.

Such cyber reconnaissance missions are examples of an increasingly common phenomenon known as "blended" attacks, where elite hackers infiltrate one target to facilitate access to another.

Hackers who infiltrated Nasdaq's computer systems last year installed malware that allowed them to spy on the directors of publicly held companies.

In March, hackers stole digital security keys from EMC Corp's RSA Security division that they later used to breach the networks of defense contractor Lockheed Martin Corp.

Researchers said they are still trying to figure out what the next phase of Duqu attacks might be.

"We are a little bit behind in the game," said Don Jackson, a director of the Dell SecureWorks Counter Threat Unit. "Knowing what these guys are doing, they are probably a step ahead."

(Reuters)


vishwanath99

Re: DuQu virus spread around a Globe (".DQ", Stuxnet worm)
« Reply #1 on: 30. October 2011., 14:27:39 »
Highly sophisticated attack prepared by hacker.
Does anyone have more information about this attack and how exactly the DuQu virus works?

Samker

Re: DuQu virus spread around a Globe (".DQ", Stuxnet worm)
« Reply #2 on: 31. October 2011., 08:55:57 »
...
Does anyone have more information about this attack and how exactly the DuQu virus works?

Mate, here you have more info about DuQu:

- Symantec's White Paper "W32.Duqu: The Precursor to the Next Stuxnet": http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf

- Kaspersky's Securelist "The Mystery of Duqu: Part One": http://www.securelist.com/en/blog/208193182/The_Mystery_of_Duqu_Part_One & "The Mystery of Duqu: Part Two": http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two


Hope this info will help you?


Samker

Re: DuQu virus spread around a Globe (".DQ", Stuxnet worm)
« Reply #3 on: 06. November 2011., 10:50:14 »
   
Protect your PC from Duqu malware with Microsoft's temporary “fix-it”: http://scforum.info/index.php/topic,7175.0.html

