Slashdot Mirror


Expert: Duqu Is a Custom Attack Framework

Trailrunner7 writes "All of the hype about Duqu being the next Stuxnet obscured many of the real facts about the new malware. It turns out that Duqu not only is essentially a customizable attack framework with separate modules for each target, but that it has been found on high-value networks in Iran and the Sudan. A detailed analysis of the Duqu malware files by Alex Gostev of Kaspersky Lab shows that the malware uses different drivers and modules for every target. 'It is obvious that every single Duqu incident is unique with its own unique files using different names and checksums. Duqu is used for targeted attacks with carefully selected victims,' Gostev said."
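The detail that matters for defenders in the summary above is that every Duqu incident ships files with different names and checksums. An exact-hash IoC taken from one victim therefore says nothing about the next. The script below is an added example, not code from the article or from Kaspersky: it builds two constructed "modules" that share a payload core but differ in a per-target configuration block (all byte strings are made up), shows that a SHA-256 blocklist catches only the sample it was taken from, and then shows two defensive answers, a simple structural rule over invariant byte patterns and a normalized hash that masks the variable region so variants cluster together. The `|cfg=...|` layout and the helper names are assumptions for the illustration.

```python
"""Why per-target builds defeat hash blocklists, and two structural answers.

Added example (not code from the article or from Kaspersky). The sample
"modules" are constructed byte strings, not real Duqu files.
"""
import hashlib
import re

# Shared payload core that every constructed variant carries verbatim.
CORE = b"MZ" + b"payload-core:" + bytes(range(0x20, 0x60))


def build_module(target_tag: bytes) -> bytes:
    """Constructed 'per-target' module: same core, different config block."""
    return CORE + b"|cfg=" + target_tag + b"|"


# Constructed corpus: two variants of the same framework plus one unrelated file.
SAMPLES = {
    "victim-a.sys": build_module(b"site-alpha"),
    "victim-b.sys": build_module(b"site-beta"),
    "benign.sys": b"MZ" + b"unrelated-driver" + bytes(range(0x60, 0xA0)),
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_ioc_hits(samples: dict, known_hashes: set) -> list:
    """Exact-hash IoC matching: only the sample the IoC came from matches."""
    return sorted(name for name, data in samples.items()
                  if sha256(data) in known_hashes)


# Simple YARA-style rule (assumed patterns): every listed byte sequence must
# be present. Both are taken from the invariant core, not the config block.
STRUCTURAL_PATTERNS = [b"payload-core:", CORE[-16:]]


def structural_hits(samples: dict, patterns=STRUCTURAL_PATTERNS) -> list:
    """Matches any file carrying the shared core, whatever its checksum."""
    return sorted(name for name, data in samples.items()
                  if all(p in data for p in patterns))


# The per-target region we mask before hashing (assumed layout).
CONFIG_RE = re.compile(rb"\|cfg=[^|]*\|")


def normalized_sha256(data: bytes) -> str:
    """Hash with the per-target config block masked so variants collapse."""
    return sha256(CONFIG_RE.sub(b"|cfg=*|", data))


def cluster_by_normalized_hash(samples: dict) -> dict:
    """Group files whose normalized hash agrees: one cluster per build."""
    clusters: dict = {}
    for name, data in samples.items():
        clusters.setdefault(normalized_sha256(data), []).append(name)
    return {h: sorted(v) for h, v in clusters.items()}


if __name__ == "__main__":
    ioc = {sha256(SAMPLES["victim-a.sys"])}
    print("hash IoC hits:   ", hash_ioc_hits(SAMPLES, ioc))
    print("structural hits: ", structural_hits(SAMPLES))
    for h, names in cluster_by_normalized_hash(SAMPLES).items():
        print("cluster", h[:12], names)
```

Run as-is: the hash IoC finds only `victim-a.sys`, the structural rule finds both variants and leaves `benign.sys` alone, and the normalized hash puts the two variants in one cluster. The design point is that a detection built on what the framework must keep constant (its core code, loader behaviour, or persistence mechanism) survives per-victim rebuilds, while anything keyed to a file name or checksum does not.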

2 of 51 comments

  1. Antivirus / security companies by vlm · Score: 5, Insightful

    How do the big anti-virus / security companies coordinate their work so as not to offend their local government?

    Or, as the conspiracy theorists have long claimed, are the virus writers and anti-virus writers merely different departments of the same company, which makes coordination inside at least one company pretty easy?

    I would imagine anti-virus / security companies based in the US and Israel are probably not getting "attaboys" from their government for figuring out the latest Duqu thing.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  2. The real problem by JoshuaZ · Score: 4, Insightful

    The real problem with this sort of thing is the arms race that it inspires. Sure, one might not mind this sort of attack on Iran. But what happens in the next stage when China or Iran tries to do this to some other country? The problem with making new weapons is that the advantage they give only lasts until someone else has it. The collateral damage they do lasts indefinitely. This sort of lesson is especially true for something like this that can most easily target civilian assets.