New Version of Duqu Found

On Tuesday, Symantec reported on their blog that they have found yet another variant of Stuxnet’s relative “Duqu”. Symantec lists 15 variants in their Duqu Whitepaper(PDF). This version is different as it uses a new infection technique. It installs via a loader file that executes on reboot. The loader file then decrypts and installs the remaining Duqu code from the hard drive.

With a compile date of February 23, 2012, it seems that the Stuxnet creators are still alive and well.

~ by D. Dieterle on March 22, 2012.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: