FAQ: What's the big deal about Duqu?
It could pose a grave threat to the industrial control systems
Computerworld - The recently discovered Duqu Trojan has received considerable attention from the security research community. Here's why. What is Duqu? It's a remote-access Trojan (RAT) that is designed to steal data from computers it infects. It was discovered by the Laboratory of Cryptography and Systems Security (CrySys) at Budapest University.
RATs are pretty common these days. Why is so much attention to Duqu? Duqu is believed to have been created by the same people who wrote Stuxnet, the worm that was used to disrupt operations at Iran's Natanz nuclear facility last year. A lot of security analysts believe that it is a precursor to the next Stuxnet and poses a grave threat to the industrial control systems that manage equipment at critical infrastructure facilities such as power plants and water treatment facilities.
What exactly is the link between Stuxnet and Duqu? Duqu and Stuxnet share a lot of common code and functions. While Stuxnet binaries have been floating around for some time, the actual source code itself has not been publicly available. The fact that Duqu contains Stuxnet code has led some to believe that Duqu's authors either have direct access to Stuxnet code -- or were the authors of Stuxnet. Duqu also uses an installation driver that is signed using a stolen or forged digital certificate belonging to a Taiwanese company called JMicron. Stuxnet used certificates belonging to the same company.
So, Duqu is targeted at industrial control systems then? Sort of, but not quite in the same manner as Stuxnet. Duqu appears designed to steal information from vendors of industrial control systems. It is an intelligence-gathering agent. Stuxnet on the other hand was designed to cause actual physical damage to industrial control systems. Security vendor Symantec and others believe that Duqu is being used to steal information that can eventually be used to craft another Stuxnet.
How serious a threat does Duqu really pose? That depends on whom you ask. Companies such as Symantec and Kaspersky have described Duqu as a highly sophisticated piece of malware likely created by a nation state for the specific purpose of going after industrial control systems. Those fears are likely to be fueled by news emerging from Iran that computers in the country have been targeted by Duqu.
But not everyone shares this opinion right? Correct. Some believe the fears are overstated. The U.S. ICS Computer Emergency Response Team initially issued a warning for critical infrastructure owners to be on the alert for Duqu. Later, however, it issued an update saying that neither industrial control systems (ICSs) nor vendors/manufacturers were targeted by Duqu (download PDF).
- DOJ's charges against China reframe security, surveillance debate
- Hacker indictments against China's military unlikely to change anything
- U.S. to formally accuse Chinese military of hacking
- Cyberattacks could paralyze U.S., former defense chief warns
- The NSA blame game: Singling out RSA diverts attention from others
- Jury still out on FISA court
- Suspected China-based hackers 'Comment Crew' rises again
- Chinese hackers master the art of lying in wait
- Spy court OK'd all U.S. wiretap requests it received in 2012
- Groups denounce FBI plan to require Internet backdoors for wiretaps
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!