[ISN] Duqu not created by authors of Stuxnet worm, says security company

From: InfoSec News <alerts_at_private>
Date: Tue, 1 Nov 2011 02:48:01 -0500 (CDT)
http://news.techworld.com/security/3314579/duqu-not-created-by-authors-of-stuxnet-worm-says-security-company/

By John E Dunn
Techworld
31 October 2011

The design similarities between the recently publicised Duqu malware and 
the infamous Stuxnet worm that caused widespread alarm more than a year 
ago have been hugely exaggerated, an analysis by Dell SecureWorks has 
concluded.

The essence of the company’s strip-down analysis is that despite some 
common features, Duqu and Stuxnet have been designed to do different 
jobs, one very targeted, the other more general.

The two pieces of malware do share rootkit-like design elements, 
including the way the kernel-level driver has been implemented and its 
loading of encrypted DLL files. Strikingly, both also use a 
driver-signing certificate from the same Taiwanese company, JMicron, for 
one of their kernel files.

“The commonality of a software signing certificate is insufficient 
evidence to conclude the samples are related because compromised signing 
certificates can be obtained from a number of sources,” said the 
unconvinced researchers. “One would have to prove the sources are common 
to draw a definitive conclusion.”

[...]


Received on Tue Nov 01 2011 - 00:48:01 PDT