September 1st 2011 witnessed the arrival of a new computer worm, DUQU,
which was discovered by the Budapest University of Technology and
Economics in Hungary. The worm creates files with the prefix "~DQ",
hence its strange name, DUQU.
DUQU is fairly similar to its predecessor, the STUXNET trojan, which is
considered to be one of the most dangerous and complex pieces of malware
of the previous decade. STUXNET was created by forces who oppose Iran's
uranium enrichment program. The trojan creeps into the system and
attacks SCADA (Supervisory Control and Data Acquisition) systems which
run on Siemens industrial software. SCADA system operations were
sabotaged and control information was interrupted. It was first
identified by the security company VIRUSBLOKADA, and it was later
confirmed by other world agencies that STUXNET is the brainchild of the
USA and Israel.
It is presumed that someone who had access to the STUXNET source code is
responsible for DUQU. It steals information in the foreground, while
kernel drivers and injection tools work in the background. However, the
actual working process of this malware is still an enigma. Besides
recording keystrokes and network information, it can also take
screenshots and explore files on all drives. DUQU can sneak into
computers by hiding in Word document files opened as email attachments.
A TTF-related flaw in the win32k.sys file in the Windows operating
system is responsible for the execution of the malware's components.
DUQU uses a simple peer-to-peer protocol to move within secured
networks. After making judicious use of its abilities, it removes itself
from the system.
McAfee says DUQU also steals digital certificates from attacked
computers to help future viruses appear as secure software. The
extracted data is sent to a command-and-control (C&C) server, which has
now been blacklisted by the ISP.
To reinstate the trust of its customers, Microsoft has come out with a
patch. Microsoft Trustworthy Computing group manager Jerry Bryant says,
"To make it easy for customers, we have released a fix-it that will
allow one-click installation of the workaround and an easy way for
enterprises to deploy."
The potential of such malware to create havoc on control systems around
the world is immense. The menace of STUXNET and DUQU must be dealt with
without delay and with the utmost efficiency. Ethical hacking teams
around the world must make sure that such deadly malware is nipped in
the bud in the future.
For any questions, leave a comment or contact me on Facebook
Contact ==> www.facebook.com/ryan.manjothi