http://www.informationweek.com/news/security/attacks/231903138

By Mathew J. Schwartz
InformationWeek
November 16, 2011

New information continues to emerge about the Duqu malware that was designed to steal information relating to industrial control systems.

The latest analysis of the Duqu malware has found that one of the components used in the attack was compiled in 2007. But Duqu was used in a targeted attack as recently as April 2011, pointing to a possible four-year attack campaign by Duqu's authors, whose identities and affiliations remain unknown.

What is known, however, is that to date, Duqu infected organizations in at least eight countries--including Iran--in part by using a still-unpatched Windows zero-day vulnerability. Furthermore, as researchers continue to study Duqu variants, these findings have emerged:

1. Duqu was a boutique exploit. To date, researchers have discovered "12 unique sets of Duqu files," said Alexander Gostev, chief security expert at Kaspersky Lab and author of a recent Duqu report. That's significant, since "for every victim, a separate set of attack files was created," he said via email.

[...]

Received on Thu Nov 17 2011 - 02:40:07 PST