Free Republic

Duqu, Stuxnet malware developed by same group (screwed Iran - big time)
Newsbytes | 1/20/12

Posted on 01/26/2012 6:57:32 PM PST by Libloather

Duqu, Stuxnet malware developed by same group
Posted on 20 Jan 2012 at 2:29pm

The infamous Trojan software Duqu and Stuxnet were developed by only one group of malware developers, according to Internet security firm Kaspersky Lab.

In fact, Kaspersky said the malware development team could already have developed other malware using the same platform, which was flexibly adaptable to specific targets.

Kaspersky released a report stating that Duqu and Stuxnet, as well as a number of malware samples discovered in 2011, were built on a development platform called “Tilded,” citing the use of the tilde symbol (“~”) in many of these malware samples.

The Kaspersky team, led by its Chief Security Expert Alexander Gostev, discovered the similarities between these malware families during an extensive investigation in 2011 that aimed to identify the source of these Trojans.

Some of the similarities include a software driver within Duqu and Stuxnet that controlled how the malware would behave once it infected a computer. Among the few key differences is the date of the signing of the digital certificate.

Gostev noted that the Tilded platform was created around 2007 or early 2008, after which it underwent more significant changes in late 2010. The significant changes in the Tilded platform were most likely driven by the malware creators’ need to make their malware less detectable to antivirus applications.

“The drivers from the still unknown malicious programs cannot be attributed to activity of the Stuxnet and Duqu Trojans. The methods of dissemination of Stuxnet would have brought about a large number of infections with these drivers; and they can’t be attributed either to the more targeted Duqu Trojan due to the compilation date,” said Gostev.

“We consider that these drivers were used either in an earlier version of Duqu or for infection with completely different malicious programs. Moreover, these could have been the same platform and, it is likely, a single creator-team,” Gostev added.

Meanwhile, other malware that is yet to be identified also had some similarities to either Duqu or Stuxnet, fueling speculation as to the source of this malware.

Duqu was discovered “in the wild” in late 2011, while Stuxnet had been spreading since mid-2010. Their mode of attack is to infect very specific industrial machines. Once they infect a machine, they capture specific information and commands and send these to the one where the malware was deployed.

Administrators of the industrial devices that were infected often do not know of the presence of Duqu or Stuxnet unless they run a systems analysis of their information technology infrastructure.

It has been speculated that the purpose of Duqu, Stuxnet and similar malware is espionage, as some of the infections were found in nuclear power plant facilities, especially in Iran.

“There were a number of projects involving programs based on the ‘Tilded’ platform throughout the period 2007-2011. Stuxnet and Duqu are two of them – there could have been others, which for now remain unknown. The platform continues to develop, which can only mean one thing – we’re likely to see more modifications in the future,” warned Gostev.


TOPICS: Crime/Corruption; Extended News; Germany; Government; Israel; News/Current Events; Russia
KEYWORDS: alexandergostev; duqu; germany; india; iran; israel; kaspersky; malware; pakistan; russia; stuxnet; tilded
Too cool...
1 posted on 01/26/2012 6:57:40 PM PST by Libloather

To: Libloather

Baraq forgot to send his buddy Imawhackjob some antivirus software.....


2 posted on 01/26/2012 7:04:13 PM PST by nascarnation (DEFEAT BARAQ 2012 DEPORT BARAQ 2013)

To: Libloather; hiredhand

Bttt....wow.


3 posted on 01/26/2012 7:06:00 PM PST by Squantos (Be polite. Be professional. But have a plan to kill everyone you meet)

I’d feel better about this report if Kaspersky were not a Russian firm.


4 posted on 01/26/2012 7:13:18 PM PST by D-fendr (Deus non alligatur sacramentis sed nos alligamur.)

To: D-fendr
I’d feel better about this report if Kaspersky were not a Russian firm.

The inability to just throw more and more processor speed and memory at a problem made a lot of Russians into very fine programmers.

We have bloatware...

5 posted on 01/26/2012 7:25:57 PM PST by null and void (Day 1101 of America's ObamaVacation from reality [Heroes aren't made, Frank, they're cornered...])

To: Libloather

A LOT of speculation. Sounds like they studied and studied and still scratch their heads WTF. hehehe


6 posted on 01/26/2012 7:29:46 PM PST by visualops (artlife.us)

To: Libloather

I’ve read up on Stuxnet and know the Siemens hardware it was aimed at, and whoever came up with this is a freakin’ genius. I hope he’s paid well in the 1% range and continues to wreak cyber-havoc on our enemies for a long time to come.


7 posted on 01/26/2012 7:30:13 PM PST by bigbob

To: AdmSmith; AnonymousConservative; Berosus; bigheadfred; Bockscar; ColdOne; Convert from ECUSA; ...

The Tilded Age ping. Thanks Libloather.


8 posted on 01/26/2012 7:30:40 PM PST by SunkenCiv (FReep this FReepathon!)

To: Libloather

ESET NOD32 is what I use.
Works great and on a 64-bit platform.

My office provides Symantec software for free but I won’t touch that bloatware and prefer to go with the yearly subscription for ESET’s product.


9 posted on 01/26/2012 7:38:22 PM PST by Chewbacca (woof woof. That's my other wookie impression.)

To: null and void
We have bloatware...

Yes, Indeed. Caused by the wrong motivation in software development. Written for creating ad revenue, tracking and forced system upgrades. We no longer try to build a better mouse trap, it is all about escalator software, planned obsolescence, forced hardware upgrades and vertical marketing scams.

This is why in 1994 I began using Linux as an alternative. Is it better? Probably, in terms of stability. But it is written by those who are not in it to make systems self-destruct, which for me is definitely better.

10 posted on 01/26/2012 7:44:38 PM PST by Texas Fossil (Government, even in its best state is but a necessary evil; in its worst state an intolerable one)

To: Libloather

Well then there, it looks like Y2K is just sitting around waiting to happen.


11 posted on 01/26/2012 7:45:42 PM PST by the invisib1e hand (religion + guns = liberty.)

To: Texas Fossil
But it is written by those who are not in it to make systems self destruct...

Until they are.

It all comes from the same place, pretty much, as I understand it.

12 posted on 01/26/2012 7:48:02 PM PST by the invisib1e hand (religion + guns = liberty.)

To: null and void

Thanks for your reply.

It’s not their expertise I wonder about, it’s their agenda, independence and objectivity.


13 posted on 01/26/2012 7:53:14 PM PST by D-fendr (Deus non alligatur sacramentis sed nos alligamur.)

To: the invisib1e hand

Slimeware & Malware do not all come from the same place.

Viruses, Worms, Trojans do not all come from the same place.

System security compromises? That might be another matter. Certain agencies would never sign off on systems with no “openings”.

Is it important? Yes. Is it necessary? Possibly. Will the technology be used for our advantage? I doubt it.

I am too old to consider programming, but have lots of hours ferreting out computer bugs. Not trained as an IT tech. Background in devices with wires and traces. In another time I etched lots of boards. Seems very archaic today, but was fun then.

Lately I have had the urge to push away from PCs and back to RF. It may eventually come to that for me.


14 posted on 01/26/2012 7:55:10 PM PST by Texas Fossil (Government, even in its best state is but a necessary evil; in its worst state an intolerable one)

To: SunkenCiv
The Tilded Age ping. Thanks Libloather.

citing the use of the tilde symbol (“~”) in many of these malware

Don't want to give away my age, but that sounds old school. I took a few symbolic logic courses to supplement my programming algorithms. I had a German professor who was a stickler for proper tilde placement in 100+ line proofs. Miss one tilde and that was it for the entire problem. 0 credit.
15 posted on 01/26/2012 7:55:58 PM PST by PA Engineer (Time to beat the swords of government tyranny into the plowshares of freedom.)

To: Texas Fossil
Slimeware & Malware do not all come from the same place.

Perhaps not. But operating systems did, essentially, and that was my point.

16 posted on 01/26/2012 7:57:35 PM PST by the invisib1e hand (religion + guns = liberty.)

To: the invisib1e hand

What place is that, may I ask?


17 posted on 01/26/2012 7:58:10 PM PST by null and void (Day 1101 of America's ObamaVacation from reality [Heroes aren't made, Frank, they're cornered...])

To: D-fendr

There is that...


18 posted on 01/26/2012 8:01:03 PM PST by null and void (Day 1101 of America's ObamaVacation from reality [Heroes aren't made, Frank, they're cornered...])

To: null and void
What place is that, may I ask?

I know you're baiting me, homey, and I know I'm no expert.

But if you know your stuff you will acknowledge the connection to DEC and Bell Labs.

19 posted on 01/26/2012 8:02:05 PM PST by the invisib1e hand (religion + guns = liberty.)

To: D-fendr

...OTOH, which would I trust more? Russian, or American software written with all the Obama (et al.) required spyware?


20 posted on 01/26/2012 8:05:16 PM PST by null and void (Day 1101 of America's ObamaVacation from reality [Heroes aren't made, Frank, they're cornered...])

To: null and void

I spent a little time close to political power, nothing to really brag about; but, I learned then there is a huge difference between the true story and public reports and knowledge.

I suspect Stuxnet will only truly be revealed many years hence, if then.

There is an American firm that’s released a fair amount of basic facts about its structure along with some guesses on analysis from these facts. Not a whole lot, but IMHO, the closest to what’s really known outside of government thus far.


21 posted on 01/26/2012 8:10:37 PM PST by D-fendr (Deus non alligatur sacramentis sed nos alligamur.)

To: the invisib1e hand
I'm very much no expert! (I would have gone with Xerox PARC as a connection point).

My point being that stuff gets written everywhere, there is no single origin point, and even if we think we know the provenance of any bit of code, odds are good chunks of it were outsourced to people in nations hostile to anywhere with freedom and liberty.

And today, I have to include anywhere under the thumb of the US federal government on that list. *sigh*

22 posted on 01/26/2012 8:14:51 PM PST by null and void (Day 1101 of America's ObamaVacation from reality [Heroes aren't made, Frank, they're cornered...])

To: PA Engineer

:’) At least your old German professor is dead now.


23 posted on 01/26/2012 8:36:33 PM PST by SunkenCiv (FReep this FReepathon!)

To: SunkenCiv
:’) At least your old German professor is dead now.

:-)
24 posted on 01/26/2012 8:43:03 PM PST by PA Engineer (Time to beat the swords of government tyranny into the plowshares of freedom.)

To: D-fendr; null and void

Kaspersky has quite a good reputation. Good detection rate, good protection, aggressive if that’s your preferred way.

Not mine these days, but if I wanted active protection rather than passive, they’d be top on the list, unquestionably.


25 posted on 01/26/2012 8:56:50 PM PST by Fire_on_High (WTB new tagline, PST!)

To: dennisw; Cachelot; Nix 2; veronica; Catspaw; knighthawk; Alouette; Optimist; weikel; Lent; GregB; ..
Middle East and terrorism, occasional political and Jewish issues Ping List. High Volume

If you’d like to be on or off, please FR mail me.


26 posted on 01/26/2012 10:40:05 PM PST by SJackson (The Pilgrims - Doing the jobs Native Americans wouldn't do !)

To: Fire_on_High

I’m not being very clear.

I respect Kaspersky as software engineers, viruses, etc.

But Stuxnet involves international politics: Israel, Russia, Iran, US, Pakistan, etc., etc.

Who is doing what and who thinks who can do what or thinks who is doing what... all has diplomatic and military impact.

I don’t know what influence the Russian government has on Kaspersky’s research and reporting on this matter; it would not be absurd to think the government has considerable interest and therefore a lot to do with what is reported.

I don’t know, but that’s why I said I’d be more comfortable with this report if it didn’t come from a Russian firm, where, I believe, the government has a heavier hand in industry.


27 posted on 01/27/2012 1:05:37 AM PST by D-fendr (Deus non alligatur sacramentis sed nos alligamur.)

To: null and void

My point, a bit rhetorical, was that three main OSs have their roots at DEC, which ran with Bell Unix, IIRC, though when the hardcore geeks pile on you’ll know how hazy I am on the details. Notwithstanding that, there is a tangible connection, made more tangible by business’s propensity for cutting-and-pasting useful routines.


28 posted on 01/27/2012 7:12:26 AM PST by the invisib1e hand (religion + guns = liberty.)

Comment #29 Removed by Moderator

To: bigbob

He and his team were probably paid in pizza and beer and lieutenant wages in the IDF “signal corps.”

Undoubtedly, however, there is a great job at graduation.


30 posted on 01/27/2012 8:48:54 AM PST by Jewbacca (The residents of Iroquois territory may not determine whether Jews may live in Jerusalem.)