Actually, my name is Duqu - Stuxnet is my middle name

From Botnets.fr


Actually, my name is Duqu - Stuxnet is my middle name
Botnet: Duqu, Stuxnet
Malware:
Botnet/malware group:
Exploit kits:
Services:
Feature:
Distribution vector:
Target:
Origin:
Campaign:
Operation/Working group:
Vulnerability:
CCProtocol:
Date: 2012 / 2012-03-23
Editor/Conference: BAE Systems stratsec
Link: http://stratsec.blogspot.fr/2012/03/actually-my-name-is-duqu-stuxnet-is-my.html (Archive copy)
Author: Sergei Shevchenko
Type:

Abstract

A couple of days ago Symantec Security Response discovered a new strain of Duqu, a close relative of Stuxnet that is compiled from the same source code and shares many similarities with it.

The only captured sample is a kernel mode driver. It is not clear if this driver was accompanied by other previously unseen components or if it was the only modified part of the latest known set of Duqu files. To get some answers about its functionality, let's dissect the newly discovered Duqu driver both statically and dynamically.

Bibtex

 @misc{2012BFR953,
   editor = {BAE Systems stratsec},
   author = {Sergei Shevchenko},
   title = {Actually, my name is Duqu - Stuxnet is my middle name},
   day = {23},
   month = mar,
   year = {2012},
   howpublished = {\url{http://stratsec.blogspot.fr/2012/03/actually-my-name-is-duqu-stuxnet-is-my.html}},
 }