Another Relative of Stuxnet

October 20, 2011

Back in the fall of last year, we first began to learn about the Stuxnet worm, which targeted industrial control systems made by Siemens, and which was notable for its sophistication, compared to  garden-variety malware.  Because one of the targets of the Stuxnet attack was Iran’s uranium enrichment facility, there has been some speculation that the worm might have been created by a government, perhaps the US or Israel.  There has also been concern that the techniques used in Stuxnet might find their way into other exploits, especially since versions of the Stuxnet code are available on the Internet.

According to an article at Wired, a new variety of malware, dubbed DuQu, has been discovered in Europe, and it contains many similarities to Stuxnet.

A little more than one year after the infrastructure-destroying Stuxnet worm was discovered on computer systems in Iran, a new piece of malware using some of the same techniques has been found infecting systems in Europe, according to researchers at security firm Symantec.

Technically, DuQu is not a worm, since it does not self-replicate; and, at least so far, it has not been found with any destructive components.  It appears to be primarily an intelligence gathering and remote access tool; quite possibly it is intended as the precursor to a Stuxnet-style attack.  It incorporates a keystroke logger, and can transmit encrypted information back to a control server, disguised as image (JPG) files.

The PC security firm, Symantec, has published a blog post describing their analysis of DuQu; they have also made their research report [PDF] available.   The SANS Internet Storm Center also has a diary post on DuQu.

Update Thursday, 20 October, 23:15 EDT

The security vendor F-Secure has a blog post about DuQu, and an analysis page.

Java 6 Update 29 Released

October 20, 2011

Oracle has released a new version 6, update 29, for its Java run-time environment, for Windows, Solaris, and Linux.  (Apple packages and releases its own version of Java for Mac OS X.)   This version contains fixes for numerous bugs, including 20 security vulnerabilities, some of them serious.  More information is available in the Update Release Notes, and the Critical Patch Update Advisory.  (Incidentally, the last released version was Java 6 Update 27; there was no released Update 28.)

If you have Java installed on your system, I recommend that you install the new version as quickly as you conveniently can.  Windows users can use the built-in automatic update mechanism; alternatively, the new version can be downloaded here.

%d bloggers like this: