FAQ: What's the big deal about Duqu?
It could pose a grave threat to the industrial control systems
Computerworld - The recently discovered Duqu Trojan has received considerable attention from the security research community. Here's why. What is Duqu? It's a Remote Access Trojan (RAT) that is designed to steal data from computers it infects. It was discovered by the Laboratory of Cryptography and Systems Security (CrySys) at Budapest University.
RATs are pretty common these days. Why is so much attention to Duqu? Duqu is believed to have been created by the same people who wrote Stuxnet, the worm that was used to disrupt operations at Iran's Natanz nuclear facility last year. A lot of security analysts believe that it is a precursor to the next Stuxnet and poses a grave threat to the industrial control systems that manage equipment at critical infrastructure facilities such as power plants and water treatment facilities.
What exactly is the link between Stuxnet and Duqu? Duqu and Stuxnet share a lot of common code and functions. While Stuxnet binaries have been floating around for some time, the actual source code itself has not been publicly available. The fact that Duqu contains Stuxnet code has led some to believe that Duqu's authors either have direct access to Stuxnet code -- or were the authors of Stuxnet. Duqu also uses an installation driver that is signed using a stolen or forged digital certificate belonging to a Taiwanese company called JMicron. Stuxnet used certificates belonging to the same company.
So, Duqu is targeted at industrial control systems then? Sort of, but not quite in the same manner as Stuxnet. Duqu appears designed to steal information from vendors of industrial control systems. It is an intelligence-gathering agent. Stuxnet on the other hand was designed to cause actual physical damage to industrial control systems. Security vendor Symantec and others believe that Duqu is being used to steal information that can eventually be used to craft another Stuxnet.
How serious a threat does Duqu really pose? That depends on whom you ask. Companies such as Symantec and Kaspersky have described Duqu as a highly sophisticated piece of malware likely created by a nation state for the specific purpose of going after industrial control systems. Those fears are likely to be fueled by news emerging from Iran that computers in the country have been targeted by Duqu.
But not everyone shares this opinion right? Correct. Some believe the fears are overstated. The U.S. ICS Computer Emergency Response Team initially issued a warning for critical infrastructure owners to be on the alert for Duqu. Later, however, it issued an update saying that neither industrial control systems (ICSs) nor vendors/manufacturers were targeted by Duqu (download PDF).


- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Driving Secure Enterprise File Sharing and Syncing in the Enterprise
- GroupLogic's new activEcho is the industry's only secure Enterprise File Sharing and Synching solution that balances the need for simplicity for the end...
- The Enterprise File Sharing Option
- Enterprises and IT departments need to address several critical security issues when considering file sharing and syncing products. Many of today's solutions do...
- Security Strategies to Virtualizing Internet-Facing Applications
- The IT organization at Intel has set a goal to transition their enterprise to a private cloud for their Office and Enterprise applications....
- Cloud Security Planning Guide
- Cloud security considerations span protecting hardware and platform technologies in the data center to enabling regulatory compliance and defending cloud access through different...
- Cloud Security Vendor Round Table
- This vendor round table guide will help you to evaluate different cloud technology vendors and service providers based on a series of questions... All Security White Papers
- Live Webcast
Data Privacy and Protection in Production Environments: New Research from Ponemon Institute - Date: Wednesday, June 13, 2012, 1:00 PM EDT / 10:00 AM PDT
In a recent study conducted by Ponemon Institute, fifty-five percent of respondents... - Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- Date: Wednesday, June 13, 2012, 1:00 PM EDT / 10:00 AM PDT
In a recent study conducted by Ponemon Institute, fifty-five percent of respondents... - Security Certifications 101 - BlackBerry and all those acronyms what do they mean and why they matter?
- FIPS, Common Criteria, CAPS, AISEP, NFC, NIST, Fraunhofer SIT, CESG, DSD - these are just some of the government and industry certifications which...
- BlackBerry PlayBook OS 2.0 Security Overview
- The presentation provides an overview of BlackBerry PlayBook OS 2.0 security capabilities and features, including: BlackBerry® Balance™ technology, BlackBerry® Bridge, data-at-rest protection, and...
- BlackBerry NFC Security Overview
- The presentation on NFC security will provide an overview of the security protections built into the BlackBerry platform to protect users, application developers...
- Playing Defense: Staying on Top of Your Disaster Recovery Game
- When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing... All Security Webcasts