Saturday, November 05, 2011
Duqu - Son of Stuxnet
Duqu, a new piece of malware using the same techniques as Stuxnet, has been found infecting systems in Europe.
Though similar to Stuxnet, there are some differences:
1) It does not self-replicate in order to spread itself. Therefore, it is not a worm.
2) It does not contain a destructive payload that damages the hardware. Instead, it is designed to conduct reconnaissance to gather intelligence that can later be used to conduct a targeted attack on the control system.
3) It removes itself after 36 days.
There is some speculation that this malware (or something similar) was used as a precursor to gather intelligence for the Stuxnet attacks in Iran.