Duqu, Stuxnet malware developed by same group (screwed Iran - big time)
Posted on 01/26/2012 6:57:32 PM PST by Libloather
Duqu, Stuxnet malware developed by same group
Posted on 20 Jan 2012 at 2:29pm
The infamous Trojans Duqu and Stuxnet were developed by a single group of malware developers, according to Internet security firm Kaspersky Lab.
In fact, Kaspersky said the same development team could already have built other malware on the same platform, which is flexible enough to be adapted to specific targets.
Kaspersky released a report stating that Duqu and Stuxnet, as well as a number of other malware samples discovered in 2011, were built on a development platform it calls "Tilded", named for the tilde (~) with which many of these samples' file names begin.
The Kaspersky team, led by Chief Security Expert Alexander Gostev, discovered the similarities between these samples during an extensive investigation in 2011 aimed at identifying the source of the Trojans.
Among the similarities is the driver that Duqu and Stuxnet each use to load and control the malware once a computer is infected; among the few key differences are the dates of the digital signatures on those drivers.
Gostev noted that the Tilded platform was created around 2007 or early 2008 and underwent more significant changes in late 2010, most likely driven by the creators' need to make their malware less detectable by antivirus products.
"The drivers from the still unknown malicious programs cannot be attributed to activity of the Stuxnet and Duqu Trojans. The methods of dissemination of Stuxnet would have brought about a large number of infections with these drivers; and they can't be attributed either to the more targeted Duqu Trojan due to the compilation date," said Gostev.
"We consider that these drivers were used either in an earlier version of Duqu or for infection with completely different malicious programs. Moreover, these could have been the same platform and, it is likely, a single creator-team," Gostev added.
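As an added illustration of the kind of driver comparison the article describes (this is not code from Kaspersky's report or from the article), the script below parses the COFF header and .text section of PE files, groups samples whose code section is byte-identical, and reports their differing compile timestamps; it also flags the tilde-prefixed file names the platform is named after. The PE images, file names and timestamps are all constructed for the demo; real drivers would be read from disk, and a production tool would also compare the Authenticode signer, which this example omits.

```python
# Added example (not from the article or Kaspersky): group PE driver samples that
# share identical code but differ in compile timestamp, the kind of similarity
# the article describes. All sample PE images below are constructed inline.
import hashlib
import struct
from collections import defaultdict
from datetime import datetime, timezone

# IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_FMT = "<HHIIIHH"
# IMAGE_SECTION_HEADER (40 bytes): Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PtrToRelocs, PtrToLinenums, NumRelocs, NumLinenums, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"


def build_min_pe(timestamp, text_bytes):
    """Construct a minimal, non-runnable PE image with a single .text section.
    Used only to fabricate test samples; real drivers would be read from disk."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)  # 64 bytes
    coff = struct.pack(COFF_FMT, 0x14C, 1, timestamp, 0, 0, 0, 0x2102)
    raw_ptr = len(dos_header) + 4 + len(coff) + struct.calcsize(SECTION_FMT)
    section = struct.pack(SECTION_FMT, b".text", len(text_bytes), 0x1000,
                          len(text_bytes), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos_header + b"PE\0\0" + coff + section + text_bytes


def parse_pe(data):
    """Return the COFF compile timestamp and the raw bytes of each section."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff_off = e_lfanew + 4
    _machine, n_sections, timestamp, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff_off)
    sec_off = coff_off + struct.calcsize(COFF_FMT) + opt_size
    sections = {}
    for i in range(n_sections):
        fields = struct.unpack_from(SECTION_FMT, data, sec_off + i * struct.calcsize(SECTION_FMT))
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = fields[3], fields[4]
        sections[name] = data[raw_ptr:raw_ptr + raw_size]
    return {"timestamp": timestamp, "sections": sections}


def code_hash(parsed):
    """SHA-256 of the .text section: two builds of the same source that differ only
    in timestamp or signature collide here, which is the signal we want."""
    return hashlib.sha256(parsed["sections"].get(".text", b"")).hexdigest()


def cluster_by_code(samples):
    """samples: {filename: pe_bytes}. Returns {code_hash: [(filename, timestamp), ...]}
    ordered by timestamp, keeping only code hashes shared by more than one file."""
    groups = defaultdict(list)
    for name, data in samples.items():
        parsed = parse_pe(data)
        groups[code_hash(parsed)].append((name, parsed["timestamp"]))
    return {h: sorted(v, key=lambda t: t[1]) for h, v in groups.items() if len(v) > 1}


def has_tilde_name(filename):
    """Naming heuristic the article mentions: file names beginning with '~'."""
    return filename.startswith("~")


# Constructed samples with hypothetical names: two builds sharing the same code
# section but compiled three years apart, plus one unrelated driver.
SHARED_CODE = b"\x55\x8b\xec\x83\xec\x10" + b"\x90" * 26
SAMPLES = {
    "~DF1A2B.tmp": build_min_pe(1199145600, SHARED_CODE),   # 2008-01-01
    "rtdrv.sys": build_min_pe(1293840000, SHARED_CODE),     # 2011-01-01
    "unrelated.sys": build_min_pe(1293840000, b"\xcc" * 32),
}

if __name__ == "__main__":
    for h, members in cluster_by_code(SAMPLES).items():
        print(f"shared .text {h[:12]}:")
        for name, ts in members:
            when = datetime.fromtimestamp(ts, tz=timezone.utc).date()
            flag = " (tilde-prefixed name)" if has_tilde_name(name) else ""
            print(f"  {name:16} compiled {when}{flag}")
```

Compile timestamps are attacker-controlled and trivially forged, so the script treats them as a differentiator between otherwise identical builds, not as evidence on their own; the code-section hash is what ties the samples together.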
Meanwhile, other malware samples that have yet to be identified also share some similarities with either Duqu or Stuxnet, fueling speculation as to the source of these programs.
Duqu was discovered in the wild in late 2011, while Stuxnet had been spreading since mid-2010. Both are aimed at very specific industrial systems. Once it infects a machine, the malware captures specific information and commands and sends them back to whoever deployed it.
Administrators of the infected industrial systems often do not know that Duqu or Stuxnet is present unless they run a systematic analysis of their IT infrastructure.
It has been speculated that the purpose of Duqu, Stuxnet and the related malware is espionage, as some of the infections were found in nuclear power plant facilities, especially in Iran.
"There were a number of projects involving programs based on the Tilded platform throughout the period 2007-2011. Stuxnet and Duqu are two of them; there could have been others, which for now remain unknown. The platform continues to develop, which can only mean one thing: we're likely to see more modifications in the future," warned Gostev.
Baraq forgot to send his buddy Imawhackjob some antivirus software.....
I’d feel better about this report if Kaspersky were not a Russian firm.
The inability to just throw more and more processor speed and memory at a problem made a lot of Russians into very fine programmers.
We have bloatware...
A LOT of speculation. Sounds like they studied and studied and still scratch their heads WTF. hehehe
I’ve read up on Stuxnet and know the Siemens hardware it was aimed at, and whoever came up with this is a freakin’ genius. I hope he’s paid well in the 1% range and continues to wreak cyber-havoc on our enemies for a long time to come.
The Tilded Age ping. Thanks Libloather.
ESET NOD32 is what I use.
Works great and on a 64-bit platform.
My office provides Symantec software for free but I won’t touch that bloatware and prefer to go with the yearly subscription for ESET’s product.
Yes, Indeed. Caused by the wrong motivation in software development. Written for creating ad revenue, tracking and forced system upgrades. We no longer try to build a better mouse trap, it is all about escalator software, planned obsolescence, forced hardware upgrades and vertical marketing scams.
This is why in 1994 I began using Linux as an alternative. Is it better? Probably, in terms of stability. But it is written by those who are not in it to make systems self destruct, which for me is definitely better.
Well then, it looks like Y2K is just sitting around waiting to happen.
Until they are.
It all comes from the same place, pretty much, as I understand it.
thanks for your reply.
It’s not their expertise I wonder about, it’s their agenda, independence and objectivity.
Slimeware & Malware do not all come from the same place.
Viruses, Worms, Trojans do not all come from the same place.
System security compromises? That might be another matter. Certain agencies would never sign off on systems with no “openings”.
Is it important? Yes. Is it necessary? Possibly. Will the technology be used for our advantage? I doubt it.
I am too old to consider programming, but have lots of hours ferreting out computer bugs. Not trained as an IT tech. Background in devices with wires and traces. In another time I etched lots of boards. Seems very archaic today, but was fun then.
Lately I have had the urge to push away from PC’s and back to RF. It may eventually come to that for me.
Perhaps not. But operating systems did, essentially, and that was my point.
What place is that, may I ask?
There is that...
I know you're baiting me, homey, and I know I'm no expert.
But if you know your stuff you will acknowledge the connection to DEC and Bell Labs.
...OTOH, which would I trust more? Russian, or American software written with all the Obama (et al.) required spyware?
I spent a little time close to political power, nothing to really brag about; but, I learned then there is a huge difference between the true story and public reports and knowledge.
I suspect Stuxnet will only truly be revealed many years hence, if then.
There is an american firm that’s released a fair amount of basic facts about its structure along with some guesses on analysis from these facts. Not a whole lot, but IMHO, the closest to what’s really known outside of government thus far.
My point being that stuff gets written everywhere, there is no single origin point, and even if we think we know the provenance of any bit of code, odds are good chunks of it were outsourced to people in nations hostile to anywhere with freedom and liberty.
And today, I have to include anywhere under the thumb of the US federal government on that list. *sigh*
:’) At least your old German professor is dead now.
Kaspersky has quite a good reputation. Good detection rate, good protection, aggressive if that’s your preferred way.
Not mine these days, but if I wanted active protection rather than passive, they’d be top on the list, unquestionably.
If you’d like to be on or off, please FR mail me.
I’m not being very clear.
I respect kaspersky as software engineers, viruses, etc.
But Stuxnet involves international politics: Israel, Russia, Iran, US, Pakistan, etc., etc.
Who is doing what and who thinks who can do what or thinks who is doing what... all has diplomatic and military impact.
I don’t know what influence the Russian government has on Kaspersky’s research and reporting on this matter; it would not be absurd to think the government has considerable interest and therefore a lot to do with what is reported.
I don’t know, but that’s why I said I’d be more comfortable with this report if it didn’t come from a Russian firm, where, I believe, the government has a heavier hand in industry.
My point, a bit rhetorical, was that three main OSs have their roots at DEC, which ran with Bell Unix, IIRC, though when the hardcore geeks pile on you’ll know how hazy I am on the details. Notwithstanding that, there is a tangible connection, made more tangible by business’s propensity for cutting-and-pasting useful routines.
He and his team were probably paid in pizza and beer and lieutenant wages in the IDF “Signal Corps.”
Undoubtedly, however, there is a great job at graduation.