Actually, my name is Duqu - Stuxnet is my middle name

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Actually, my name is Duqu - Stuxnet is my middle name
Botnet Duqu, Stuxnet
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 2012-03-23
Editor/Conference BAE Systems stratsec
Link http://stratsec.blogspot.fr/2012/03/actually-my-name-is-duqu-stuxnet-is-my.html (Archive copy)
Author Sergei Shevchenko
Type

Abstract

A couple of days ago Symantec Security Response has discovered a new strain of Duqu, a close relative of Stuxnet that is compiled from the same source code and shares many similarities with it.

The only captured sample is a kernel mode driver. It is not clear if this driver was accompanied with other previously unseen components of if it was the only modified part of the latest known set of Duqu files. To get some answers about its functionality, let's dissect the newly discovered Duqu driver both statically and dynamically.

Bibtex

 @misc{Shevchenko2012BFR953,
   editor = {BAE Systems stratsec},
   author = {Sergei Shevchenko},
   title = {Actually, my name is Duqu - Stuxnet is my middle name},
   date = {23},
   month = Mar,
   year = {2012},
   howpublished = {\url{http://stratsec.blogspot.fr/2012/03/actually-my-name-is-duqu-stuxnet-is-my.html}},
 }