What Is Duqu Up To?

As researchers debate a Duqu-Stuxnet connection and study a new zero-day Duqu exploit, still no word on the actual targets or its mission.

InformationWeek Staff, Contributor

November 3, 2011

2 Min Read
InformationWeek logo in a gray background | InformationWeek

Even as new clues have been uncovered about Duqu over the past few days--most notably a new zero-day attack that spreads via a Microsoft Word document--researchers remain at odds over whether this latest, highly targeted threat with several parallels to Stuxnet is actually related to Stuxnet.

The discovery, revealed Tuesday, of a zero-day exploit used in the Duqu attack--specifically, a Word file containing malware that exploits a previously unknown flaw in Windows that was sent to one of the Duqu victim organizations--still doesn't provide much more information on what specifically Duqu is up to, or who specifically should be worried about it.

Duqu, which originally was found in some unnamed European organizations and appeared to be attacking industrial control-system vendors and certificate authorities (CAs), was thought to be the first stage of a next-generation Stuxnet-type attack. Unlike Stuxnet, which was specifically targeting Iran's nuclear facilities, Duqu is about cyberespionage and not aimed at process control systems. Some commonalities between the two threats have researchers debating whether Duqu is a spinoff of Stuxnet's source code, or whether the same players are behind it as were with Stuxnet.

Researchers from Symantec, McAfee, and F-Secure all say whoever wrote the backdoor had their hands on Stuxnet source code. About half of the code in Duqu is the same as the code used in Stuxnet, according to Symantec.

Meantime, neither Microsoft nor Symantec, which is studying the zero-day exploit, has shared the dropper with other antivirus firms. Microsoft said it's working on a fix, although experts don't expect it to come in next week's Patch Tuesday release.

"Microsoft is collaborating with our partners to provide protections for a vulnerability used in targeted attempts to infect computers with the Duqu malware. We are working diligently to address this issue and will release a security update for customers through our security bulletin process," said Jerry Bryant, group manager for response communications in Microsoft Trustworthy Computing.

Read the rest of this article on Dark Reading.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights