Bill Roth, Ulitzer Editor-at-Large


The Duqu Worm—As troublesome as Stuxnet?

Today, Symantec announced its latest discovery, Duqu. Quite ominously, it is being called the precursor to the next Stuxnet, an attack that is often considered the most complex of this decade. In fact, activity is still being linked to the Stuxnet team.

So what kind of havoc is Duqu wreaking? According to the Symantec report, the Duqu worm (so named because it creates files with the file name prefix “~DQ”) is logging keystrokes and using encryption assets from Taiwanese certificate authorities to encrypt and extract payloads. So far, only a few sites are known to have been attacked by the Duqu code. Still, certificate authorities are being encouraged to check their systems and inventory to confirm that they have not been compromised.

What is alarming is just how similar Duqu is to Stuxnet. The infection model and just about everything else is the same—there is just no need for a nuclear centrifuge this time. Organizations that have a solid logging infrastructure on their network would clearly notice connections to unknown, foreign hosts. This would be a dead giveaway that you have been hacked. People who do not monitor their networks with a log management infrastructure are like the homeowner who buys fake surveillance cameras for their house…and still gets ripped off.
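As an added illustration (not code from the original post or from Symantec), here is a minimal log triage that combines the two signals mentioned above: files created with the “~DQ” prefix and outbound connections to destinations outside a known baseline. The log format, host names, addresses and baseline are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample log lines (not real telemetry); the key=value format is an assumption.
SAMPLE_LOGS = "\n".join([
    r"2011-10-18T09:12:01 host=ws-014 event=file_create path=C:\Users\a\AppData\Local\Temp\~DQ7.tmp",
    r"2011-10-18T09:12:40 host=ws-014 event=conn_out dst=203.0.113.45 port=443",
    r"2011-10-18T09:13:02 host=ws-022 event=conn_out dst=10.1.4.20 port=445",
    r"2011-10-18T09:14:10 host=ws-022 event=conn_out dst=198.51.100.7 port=443",
    r"2011-10-18T09:15:30 host=ws-031 event=file_create path=C:\Users\b\Documents\report.docx",
    r"2011-10-18T09:16:00 host=ws-031 event=conn_out dst=192.0.2.80 port=80",
])

# Assumed baseline: internal ranges plus external destinations the organisation already knows.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
KNOWN_EXTERNAL = {ipaddress.ip_address("198.51.100.7")}
FIELD = re.compile(r"(\w+)=(\S+)")

def is_unknown_destination(dst):
    """True when dst is neither internal nor in the known-external baseline."""
    ip = ipaddress.ip_address(dst)
    return not any(ip in net for net in INTERNAL) and ip not in KNOWN_EXTERNAL

def triage(log_text):
    """Return {host: (level, evidence)}; 'high' means both signals on one host."""
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, _, rest = line.partition(" ")
        rec = dict(FIELD.findall(rest))
        host = findings.setdefault(rec.get("host", "unknown"),
                                   {"dq_files": [], "unknown_dsts": []})
        if rec.get("event") == "file_create":
            name = rec["path"].rsplit("\\", 1)[-1]
            if name.upper().startswith("~DQ"):  # Windows file names are case-insensitive
                host["dq_files"].append(rec["path"])
        elif rec.get("event") == "conn_out" and is_unknown_destination(rec["dst"]):
            host["unknown_dsts"].append(rec["dst"])
    result = {}
    for name, evidence in findings.items():
        hits = bool(evidence["dq_files"]) + bool(evidence["unknown_dsts"])
        result[name] = (("clear", "review", "high")[hits], evidence)
    return result

if __name__ == "__main__":
    for name, (level, evidence) in triage(SAMPLE_LOGS).items():
        print(name, level, evidence)
```

A single unknown destination is only a prompt for review; the file prefix and the connection appearing on the same host is what raises the priority.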


More Stories By Bill Roth

Bill Roth is a Silicon Valley veteran with over 20 years in the industry. He has played numerous product marketing, product management and engineering roles at companies like BEA, Sun, Morgan Stanley, and EBay Enterprise. He was recently named one of the World's 30 Most Influential Cloud Bloggers.