
Duqu steps in to replace Stuxnet


20.10.11, 11:55, Msk

European enterprises are under attack by Duqu, a twin brother of the notorious Stuxnet worm. The Trojan closely resembles its "elder brother" in both code and behaviour. Duqu's main goal is industrial espionage.

Security experts at Symantec have announced the emergence of a new threat, Duqu, which may herald the next wave of targeted attacks on manufacturing enterprises, similar to last year's attacks on Iranian nuclear power plants organised by the creators of Stuxnet. The malware is called Duqu because it creates files with the prefix "DQ".

Last year the whole world followed the Stuxnet saga. The worm was able to disrupt the operation of SCADA industrial control systems. It later became clear that Iranian nuclear power plants were its main target, but the victims also included the USA, Russia, Great Britain, India and other countries.

This time the victims are European manufacturing enterprises. For security reasons, the number, location and names of the affected enterprises have not been disclosed.

Analysis of the new Trojan's code led Symantec specialists to a striking similarity with the Stuxnet code. The driver files found carried the same digital signatures as the known worm: their validity expires in August 2012, and their owner is a Taiwanese manufacturer of electronic components.

Duqu's main objective is to gather intelligence about the equipment present at an enterprise and the systems used to manage its production cycle. This may be any information useful for organising an attack, from simple office documents to classified design documents.

Various types of information and files are at risk of leaking: files (including those on removable media), screenshots, keystroke logs, the list of running processes and user account data. The virus's creators are also interested in the names of open windows, network information, domain data, drive names and other details.

During the research the threat was classified as a remote access Trojan (RAT). Unlike its predecessor it does not create copies of itself, but it has the potential to download additional malicious content. In other words, once it gets onto a system the Trojan contacts a remote server, from which it downloads a backdoor.

This makes it possible to install other malware that collects any useful data, for example keystrokes or other information about the enterprise's assets. Data exchange with the server can take place over either HTTP or HTTPS. Another important feature of the Trojan is its limited lifetime: after 36 days it self-destructs.

There is no information yet about who created this sample. It could well be the work of the Stuxnet authors, or of other persons who gained access to the worm's source code.