
Security researchers are still analyzing samples and trying to figure out whether they might have been developed by the same individual or group of people, and according to Kaspersky Lab researchers Alexander Gostev and Igor Soumenkov, they have.
"In terms of architecture, the platform used to create Duqu and Stuxnet is the same," they say. "This platform can be conventionally named as 'Tilded' as its authors are, for some reason, inclined to use file names which start with '~d'."
They believe that the platform itself dates back to 2007-2008, that it was significantly changed in 2010 to keep up with the development of antivirus techniques, and that further modifications are sure to be undertaken in time. They also believe that Stuxnet and Duqu are not the only malware that was developed during the last four years on that platform.
By analyzing the various driver files used by both pieces of malware, and some that were obviously compiled and used earlier but cannot conclusively be tied to either of them, they came to the conclusion that it's highly likely that the same team of developers was behind all of them, and that Stuxnet and Duqu have been developed simultaneously.
"A few times a year the authors compile a new version of a driver file, creating a reference file. The primary purpose of this file is to load and execute a main module, which is created separately. It could be Stuxnet, or Duqu or something else," they explain. "When it is necessary to use a driver for a new module, the authors use a dedicated program to modify information in the driver’s 'reference' file, i.e. its name and service information as well as the registry key and its value. It’s important to note that they tweak ready-made files and don’t create a new one from scratch. This means they can make as many different driver files as they like, each having exactly the same functionality and creation date."

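For analysts triaging driver samples, the quoted observation that files tweaked from one "reference" file keep the same creation date suggests a simple grouping check. The Python sketch below is an added example, not code from Kaspersky Lab or this article; it assumes "creation date" corresponds to the PE header link timestamp, and the file names, timestamps and header bytes are constructed.

```python
import struct
from collections import defaultdict
from datetime import datetime, timezone

def pe_timestamp(data: bytes) -> int:
    """Return the COFF TimeDateStamp (link time) of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 12 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return stamp

def cluster_by_timestamp(samples: dict) -> dict:
    """Map timestamp -> sorted names, keeping stamps shared by 2+ files."""
    groups = defaultdict(list)
    for name, data in samples.items():
        try:
            groups[pe_timestamp(data)].append(name)
        except ValueError:
            continue  # not a PE image, ignore
    return {ts: sorted(names) for ts, names in groups.items() if len(names) > 1}

def _fake_driver(stamp: int, tail: bytes) -> bytes:
    """Constructed minimal MZ/PE header, just enough for the parser."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHI", 0x014C, 1, stamp) + b"\0" * 12
    return dos + coff + tail

# Constructed samples: two drivers differ in content but share a link time.
SAMPLES = {
    "drv_a.sys": _fake_driver(1200000000, b"service=alpha"),
    "drv_b.sys": _fake_driver(1200000000, b"service=beta"),
    "drv_c.sys": _fake_driver(1262304000, b"service=gamma"),
    "notes.txt": b"not a PE file",
}

if __name__ == "__main__":
    for ts, names in cluster_by_timestamp(SAMPLES).items():
        when = datetime.fromtimestamp(ts, timezone.utc).isoformat()
        print(f"{when}: {', '.join(names)}")
```

A shared timestamp is only a lead for further comparison, since the header field can be set to any value by whoever builds or edits the file.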







