Last year, Stuxnet unveiled itself as one of the most sophisticated and targeted pieces of malware with its penchant for Iranian nuclear centrifuges. It was only a matter of time before variants came out, whether from the original authors or from criminals harvesting techniques. Symantec identified a variant circulating in Europe that uses components of Stuxnet's code and techniques; they've dubbed it Duqu, based on a string of DQ characters found within. Duqu seems to be an information-gathering tool allowing interactive remote access, keylogging and other data snarfing abilities while embedding itself as a driver using stolen certificates. It differs from Stuxnet in that it seems to have no code specific to SCADA systems, nor does it self-replicate.