
The Precursor to the Next Stuxnet

Posted 19 Oct 2011

Symantec claims to have found what it is calling the precursor to the next Stuxnet worm. The new trojan has been identified as W32.Duqu because of the DQ file name prefix. According to Symantec’s analysis, Duqu is not designed to wreak havoc on industrial control systems (ICS); it is intended to be used as a command and control trojan. Duqu communicates with a C&C server hosted in India, and was used to install data collection tools at several sites in Europe.

Duqu does not natively include any mechanism to self-replicate to other devices, so it must be propagated through other means. Symantec has not retrieved the installer that was used to deliver Duqu. After a successful installation, the trojan will run for 36 days and then remove itself from the compromised system. This is most likely an attempt to avoid detection.

Symantec is still investigating the new threat. As of press time, Symantec has recovered several variants of the attack. This will get a lot more attention as Duqu’s focus shifts from data collection to more nefarious purposes.
