siljaline
Premium Member
join:2002-10-12
Montreal, QC

1 recommendation

DuQu Mystery Language Solved With the Help of Crowdsourcing

quote:
A group of researchers who recently asked the public for help in figuring out a mysterious language used in the DuQu virus have solved the puzzle, thanks to crowdsourcing help from programmers who wrote in to offer suggestions and clues.

The language, which DuQu used to communicate with command-and-control servers, turns out to be a special type of C code compiled with the Microsoft Visual Studio Compiler 2008.

Researchers at Kaspersky Lab, who put out the call for help two weeks ago after failing to figure out the language on their own, said they received more than 200 comments to a blog post they wrote seeking help, and more than 60 direct emails from programmers and others who made suggestions.

DuQu, an espionage tool that followed in the wake of the infamous Stuxnet code, had been analyzed extensively since its discovery last year. But one part of the code remained a mystery – an essential component of the malware that communicates with command-and-control servers and has the ability to download additional payload modules and execute them on infected machines.

Others: Security Week, The Register
siljaline

Premium Member

Duqu Alive And Well: New Variant Found In Iran

Researchers at Symantec dissect part of new, retooled version of the reconnaissance-gathering malware

By Kelly Jackson Higgins - Dark Reading
quote:
The creators of Duqu may not have used traditional malware writers to craft their code, but they have done something that malware writers do: released a new variant of their code with just enough tweaks to evade detection.

A day after researchers from Kaspersky Lab revealed that with the help of the security community, they had cracked the mystery of the programming language used in Duqu, researchers from Symantec yesterday announced that they had discovered a new variant of Duqu -- the first one spotted since October of last year. The first two were found in the wild in November of 2010.

Vikram Thakur, principal manager at Symantec Security Response, says the creators of Duqu -- which Symantec and Kaspersky agree are the same ones who are behind Stuxnet -- basically changed a few bytes here and there to allow the malware to sneak past detection tools including an open-source one built by the Laboratory of Cryptography and System Security (CrySyS Labs). "This is round two of the same thing: the old code, tweaked a bit," Thakur says.

They changed the encryption algorithm and rather than employing a stolen digital certificate as they had done before, the attackers instead used a phony Microsoft cert to make the driver appear to be legitimate. The sample discovered by Symantec came out of Iran, Thakur says, and it's just one piece of the malware package: specifically, the "loader," which installs the rest of the malware when the victim's machine restarts. The compile date on the malware is February 23, 2012.