New Version of Duqu Malware Hits Security Giant Kaspersky Lab


In the early spring of 2015, security firm Kaspersky Lab detected a cyber-intrusion into its own internal systems while testing a prototype of an anti-APT (advanced persistent threat) solution. After the attack was detected, Kaspersky launched a massive investigation, which led to the discovery of a new version of a malware platform from one of the most skilled and powerful threat actors in the APT world: the Duqu malware platform.

Duqu is a collection of software components that together provide services to the attackers, including information-stealing capabilities and injection tools. Analysts believe that Duqu is written in an unknown high-level programming language, known as the “Duqu framework”. Experts believe that Duqu is closely related to another highly sophisticated piece of malware, Stuxnet. And like Stuxnet, Duqu targets Microsoft Windows using zero-day vulnerabilities.

Duqu 2.0, the malware associated with the Kaspersky attack, was a fully upgraded version of the original Duqu malware, which was discovered in 2011. The new version included some unique and previously unseen features. It used an advanced method to hide its presence on the system: it ran entirely in computer memory and left behind no disk files and no changes to system settings, making detection extremely difficult. It spread through the network via Microsoft Software Installer (MSI) files, which are commonly used to deploy software on remote Windows computers. The new malware exploited up to three zero-day vulnerabilities, a highly impressive feature that strongly suggests a nation-sponsored campaign.

Kaspersky confirmed that the highly sophisticated malware had successfully penetrated its internal systems by taking advantage of a zero-day in the Windows kernel. An initial security audit and technical analysis launched by Kaspersky revealed that the main goal of the attackers was to spy on and acquire the company's newest technologies and internal processes. Kaspersky said the level of sophistication of the attack may even surpass that of the Equation Group, a highly advanced, secretive computer espionage group suspected of being tied to the United States National Security Agency. But Kaspersky has not detected any interference with its own internal processes or systems, which it says means that the company's products and services are completely safe.

In addition, the attack has also been recognized by rival security firm Symantec, which says it has discovered Duqu 2.0 infections in the US, UK, Sweden, India and Hong Kong. Symantec also found evidence that the new malware has been used in a number of different attack campaigns against a limited number of selected targets, including a North African telecoms company, a European telecoms company and a South East Asian electronic equipment maker.

Moscow-based Kaspersky has a fearsome reputation as one of the most capable detection and defense companies in the world. It has been named a leader in the Gartner Magic Quadrant for Endpoint Protection Platforms.

Image Courtesy of: Demanjo
