No quick patch to kill Duqu, turn back clock to when viruses weren't smarter than your apps

Most blame governments for Stuxnet; is Duqu the same or a huge step forward for digital crooks?

By  

Most malware doesn't carry enough sophisticated programming to restructure itself, change itself and its environment by manipulating the Windows registry, and choose which Windows process to build itself into so it can keep as close an eye as possible on everything going on within its reach while remaining invisible itself.

Most virus writers who want their code to check in with them periodically let each copy of it phone home. They don't have many instances of their code designate a single spokes-virus to do their talking for them.

That's a lot more subtle than most viruses. It's more akin to the way Stuxnet moved into the Windows-based SCADA machines in Iran – but didn't just wreck the centrifuges. It slowed them down and changed the speed registers so the Iranian technicians didn't know right away that their bomb development had been Fubared and wouldn't guess their computers had been infected.

Duqu may not be the Son of Stuxnet.

Duqu may not be, as Symantec predicts, the precursor to a new, more powerful Stuxnet that will become an even fiercer saboteur.

But it's not a normal bit of malware. Its complexity and subtlety are much greater not only than those of most viruses, but greater than those of most malware carrying keyloggers or other data-stealing payloads.

On the other hand: The Obligatory Conspiracy Theory

It is that level of sophistication that leads some analysts to guess that only a national intelligence agency would have the resources, patience or desire to build a weapon like Duqu; only an organization that big, with a need for specific information that persistent, could justify the development and use of a tool that's more a remote-access platform than a fire-and-forget attack mechanism.

Duqu wasn't designed to invade a facility and just steal or break whatever the virus could reach. It was designed to give a staff of snoops remote control over agents they could re-use, reconfigure and redirect during an intelligence operation with specific targets and time limits.

That sounds a lot like a national intelligence agency. Nothing else fits quite as easily.

It also sounds like what a sophisticated criminal organization might build if it were interested in expanding beyond identity theft and fraud, or even beyond smash-and-grab raids for information it could resell as industrial espionage.

If that's the business you were going into, you'd want a tool that was effective enough to get the job done, subtle enough not to warn the victim you're coming or give too much evidence to the law that you'd been there, and that was changeable enough to adapt to the technical infrastructure of new victims and the differing requirements of clients wanting different types of information, for different reasons, from different types of targets.

Photo Credit: Symantec: Duqu: the precursor to the next Stuxnet, flowchart of Duqu installation procedure.
