Symantec: Stuxnet creators put new malware into circulation


Symantec has analyzed malware that appears to come from the creators of Stuxnet. The malware, called Duqu, is however said to be aimed not at sabotaging industrial systems but at collecting data for new attacks.

A week ago, security researchers from Symantec received a malware sample from an unnamed research institute that is said to resemble Stuxnet. The code is said to have been found at several European companies involved in developing industrial control systems. The malware is called Duqu because of the files with "~DQ" in the file name.

According to Symantec, the malware is indeed almost identical to Stuxnet, from which the company concludes that the creators had direct access to the source code of the notorious malware, and not only to the binaries. Duqu, however, is said to have a purpose other than sabotaging so-called SCADA systems; the Stuxnet worm focused explicitly on the nuclear installations of Iran.

Symantec describes Duqu, of which two variants have been discovered so far, as a non-replicating remote access trojan that gathers information from a select group of companies. Through the Duqu malware, the attackers install keyloggers, among other things, as well as other components, in order to gain access to corporate networks.

The malicious software is said to communicate with its home base over HTTP and HTTPS connections, with the stolen data disguised as JPG files. After 36 days, Duqu removes itself from an infected system. It is not yet clear how the malware was able to reach its targets.

What is striking is that the malware, like Stuxnet, which had a Realtek signature, used a certificate that was valid at the time and that VeriSign had issued to the Taiwan-based company C-Media. According to Symantec, the key was stolen from the company and was not separately generated. The certificate was revoked on 14 October by VeriSign, which is part of Symantec.