What Is Duqu Up To?

As researchers debate a Duqu-Stuxnet connection and study a new zero-day Duqu exploit, still no word on the actual targets or its mission.

InformationWeek Staff, Contributor

November 3, 2011

2 Min Read

Even as new clues have been uncovered about Duqu over the past few days--most notably a new zero-day attack that spreads via a Microsoft Word document--researchers remain at odds over whether this latest, highly targeted threat with several parallels to Stuxnet is actually related to Stuxnet.

The discovery, revealed Tuesday, of a zero-day exploit used in the Duqu attack--specifically, a Word file containing malware that exploits a previously unknown flaw in Windows that was sent to one of the Duqu victim organizations--still doesn't provide much more information on what specifically Duqu is up to, or who specifically should be worried about it.

Duqu, which originally was found in some unnamed European organizations and appeared to be attacking industrial control-system vendors and certificate authorities (CAs), was thought to be the first stage of a next-generation Stuxnet-type attack. Unlike Stuxnet, which was specifically targeting Iran's nuclear facilities, Duqu is about cyberespionage and not aimed at process control systems. Some commonalities between the two threats have researchers debating whether Duqu is a spinoff of Stuxnet's source code, or whether the same players are behind it as were with Stuxnet.

Researchers from Symantec, McAfee, and F-Secure all say whoever wrote the backdoor had their hands on Stuxnet source code. About half of the code in Duqu is the same as the code used in Stuxnet, according to Symantec.

Meantime, neither Microsoft nor Symantec, which is studying the zero-day exploit, has shared the dropper with other antivirus firms. Microsoft said it's working on a fix, although experts don't expect it to come in next week's Patch Tuesday release.

"Microsoft is collaborating with our partners to provide protections for a vulnerability used in targeted attempts to infect computers with the Duqu malware. We are working diligently to address this issue and will release a security update for customers through our security bulletin process," said Jerry Bryant, group manager for response communications in Microsoft Trustworthy Computing.

Read the rest of this article on Dark Reading.

About the Author(s)

InformationWeek Staff

InformationWeek Staff

Contributor

See more from InformationWeek Staff
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Bald eagles, eagle in flight.
Cyber Resilience
9 Ways CISOs Can Stay Ahead of Bad Actors9 Ways CISOs Can Stay Ahead of Bad Actors
byLisa Morgan
Jul 24, 2024
9 Slides
Binary code concept pattern and big data structure.Net and source code.Abstract background of technology, science and cloud computer.
Data Management
How Much Data Is Too Much for Organizations to Derive Value?How Much Data Is Too Much for Organizations to Derive Value?
byCarrie Pallardy
Jul 22, 2024
11 Min Read
CrowdStrike Holdings, Inc. logo is displayed on a smartphone screen.
Cyber Resilience
CrowdStrike Aftermath: Lessons Learned for Future RecoveryCrowdStrike Aftermath: Lessons Learned for Future Recovery
byJoao-Pierre S. Ruth
Jul 24, 2024
6 Min Read
Calculator displaying the text "SALARY" on top of $100 bills.
IT Leadership
2024 InformationWeek US IT Salary Report: Profits, Layoffs, and the Continued Rise of AI2024 InformationWeek US IT Salary Report
byInformationWeek Staff
Jun 4, 2024
1 Min Read
Digital Security and Threat of a System
IT Leadership
11 Ways Cybersecurity Threats are Evolving11 Ways Cybersecurity Threats are Evolving
byLisa Morgan
Jun 13, 2024
11 Slides
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports