TechWorld: Stuxnet and Duqu part of larger cybermalware campaign
Worms could be tip of malware iceberg, Kaspersky researchers suggest
By John E Dunn
30 December 2011
The Stuxnet worm was built on the same platform used from 2007 onwards to create a family of cyber-weapon-like malware including the recently discovered Duqu worm, a forensic analysis by Kaspersky Lab researchers has concluded.
In a detailed analysis, Kaspersky’s Alexander Gostev and Igor Soumenkov lay out the evidence for both pieces of malware having been created using a cybermalware kernel they call ‘tilded’ (after the tendency of its programmers to use the characters ~d at the start of filenames).
The clues to the relationship between Stuxnet and Duqu look compelling and have in part been mentioned by the company before. Both share a common design, featuring an identical division of the programs into parts carrying out similar functions.