
Thread: Duqu, the feared Stuxnet virus, has got an heir

  1. #1
    WebProWorld MVP kgun's Avatar
    Join Date
    May 2005
    Location
    Norway
    Posts
    7,999

    Duqu, the feared Stuxnet virus, has got an heir

    Beware of Duqu, spawn of Stuxnet

    First there was the Stuxnet computer virus that wreaked havoc on Iran's nuclear programme. Now comes "Duqu," which researchers said appears to be quite similar.

    Security software firm Symantec said in a report it was alerted by a research lab with international connections to a malicious code that "appeared to be very similar to Stuxnet." It was named Duqu because it creates files with "DQ" in the prefix.
    Norwegian article: http://www.nettavisen.no/nyheter/article3254583.ece

  2. #2
    Senior Member deepsand's Avatar
    Join Date
    May 2004
    Location
    State College, PA
    Posts
    16,489
    Considering that, unlike StuxNet, DQ is a non-replicating passive observer, calling it a "spawn of StuxNet" smacks of media oriented hype.

  3. #3
    WebProWorld MVP kgun's Avatar
    Join Date
    May 2005
    Location
    Norway
    Posts
    7,999
    Quote Originally Posted by deepsand View Post
    Considering that, unlike StuxNet, DQ is a non-replicating passive observer, calling it a "spawn of StuxNet" smacks of media oriented hype.

    It is not every day a virus gets attention on our main TV station. What was said there is fairly the same as quoted from the Norwegian article linked to in my OP.

    Det nye dataviruset har mye til felles med dataormen Stuxnet når det gjelder kode og funksjonalitet og kjennetegnes av filer med «DQ» i navnet.

    Mens Stuxnet var designet for å krype inn og ta kontroll over kontrollsystemer som benyttes av industrien, virker Duqu å være ute etter å samle informasjon.
    Almost perfectly translated by Google Translate:

    The new virus has much in common with computer worm Stuxnet in terms of code and functionality and are characterized by files with "DQ" in the name.

    While Stuxnet was designed to creep in and take control of control systems used by industry, Duque seems to be looking to gather information.
    It was warned that the virus is potentially very dangerous and that antivirus programs are no guarantee to protect sensitive systems.

  4. #4
    Senior Member deepsand's Avatar
    Join Date
    May 2004
    Location
    State College, PA
    Posts
    16,489
    Given that it's non-replicating, it's not a true virus.

    Do we know what attack vector is used?

  5. #5
    WebProWorld MVP kgun's Avatar
    Join Date
    May 2005
    Location
    Norway
    Posts
    7,999
    Quote Originally Posted by deepsand View Post
    Given that it's non-replicating, it's not a true virus.

    Do we know what attack vector is used?
    I don't know more than was mentioned in the news on our TV and the articles linked to above. I thought it deserved a post here.

  6. #6
    Senior Member deepsand's Avatar
    Join Date
    May 2004
    Location
    State College, PA
    Posts
    16,489

    Is Duqu actually the progenitor of Stuxnet?

    Kaspersky found that its driver was compiled in August 2007, while the one found by Crysys was dated March 2008.

    "If this information is correct, then the authors of Duqu must have been working on this project for over four years!" Gostev wrote.

    If that's true, then Duqu, dubbed the "son of Stuxnet" because of its startling similarity to the military-grade worm that infected and disrupted Iranian nuclear facilities in 2010, may actually be the father of the more famous bug.
    More at Duqu Trojan revealed to be shape-shifting serial killer

    and Stuxnet and Duqu Part of Larger Cybermalware Campaign.

  7. #7
    Senior Member deepsand's Avatar
    Join Date
    May 2004
    Location
    State College, PA
    Posts
    16,489

    Updates on Duqu

    Security researchers have discovered a new variant of the Duqu cyberespionage malware that was designed to evade detection by antivirus products and other security tools.
    More at Researchers Discover New Duqu Variant That Tries to Evade Antivirus Detection

    The Duqu Trojan which some believe is a relative of the Stuxnet worm used to attack Iran was partly programmed in Object-Oriented C (OOC) by a traditional "old school" enterprise programming team, Kaspersky Lab researchers have concluded.
    More at Duqu Trojan Mystery Programming Language Identified as "Old School" C
