There has been some Malware recently discovered that is said to be based on the infamous Stuxnet virus which is considered one of the world's most sophisticated viruses. In a detailed report, Symantec says the malware was discovered in an organization in Europe. Its called Duqu because it creates files with the file name prefix ~DQ.
"Our telemetry shows the threat has been highly targeted toward a limited number of organizations for their specific assets. However, it's possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants," the report Symantec says.
The original Stuxnet virus delivered a highly specific payload that attacked control systems found in Iranian nuclear processing plants. Duqu is different because it doesn't spread from machine to machine. "It has been specifically targeted at systems with the goal of getting in, compromising them, and then exfiltrating information." Duqu tricks Windows into allowing it to execute by exploiting a stolen digital certificate, taken from a company with headquarters in Taiwan.
Once Duqu has been planted, it starts to communicate with a server based in India. It manages to obtain additional code able to record keystrokes and collect other system information that it then sends back to the control server.
No comments:
Post a Comment