Skip to main content

Duqu incidents detected in Iran and Sudan

posted onOctober 27, 2011
by l33tdawg

Security vendor Kaspersky Lab has identified infections with the new Duqu malware in Sudan and, more importantly, Iran, the main target of the Trojan's predecessor -- Stuxnet.

Duqu took the security industry by storm last week when the Hungarian research laboratory Crysys shared its analysis of the new threat with the world's top antivirus vendors.

Believed to be closely related to the Stuxnet industrial sabotage worm, from which it borrows code and functionality, Duqu is a flexible malware delivery framework used for data exfiltration. The main Trojan module has three components: a kernel driver, which injects a rogue library (DLL) into system processes; the DLL itself, which handles communication with the command-and-control server and other system operations, like writing registry entries or executing files; and a configuration file.

Source

Tags

Duqu Security Iran Sudan

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th