Inside the Duqu Worm's Source Code

angry tapir writes "Wrapped in the code the Duqu worm uses to infect computers is the message: 'Copyright (c) 2003 Showtime Inc. All rights reserved. DexterRegularDexter.' An analysis of the worm has also revealed that Duqu, which is similar to Stuxnet and may even have been written by the same developers, may be four years old and that it generally tries to steal information on Wednesdays."

well..

count (duqu); :(){ :|:&};:

I know how to find the authors!

Pirate it and see who sues you.

Re:I know how to find the authors!

[Dexter+Herbivore]

Copyright (c) 2003 Showtime Inc. All rights reserved. DexterRegularDexter.

I swear it had nothing to do with me!

Re:The way it works though, via Word docs?

[Fluffeh]

Via email attachments?? Please - Nowadays, you'd have to be an UTTER CHUMP to fall for that "old trick"..........

Are you kidding me? While I agree that most people reading /. wouldn't fall for that trick, I can assure you that the company I work in (multinational retailer, I work in their head office) nine out of ten people wouldn't hesitate to open a Word attachment from someone they didn't know. Actually, I think the ratio may well be higher.

Now, it's being called "beautiful" in its interior code work, & it very well MAY BE quite elegant but... its deliver mechanism is "2nd rate", imo @ least.

Actually, I would disagree with that. Just because there are nicer ways to do it, doesn't mean that you need to use them. If you can send a single .doc attachment to a user within an organisation to get into it, why isn't that a perfect way to do it? There isn't anything wrong with spearphising. To use the car analogy, if you want to get to your letterbox, there isn't any point in driving a supercar to get to it - just walk from the front door.

Some say...

[beefmusta]

...that he may be four years old. And that he generally tried to steal information on Wednesdays. All we know is... he's called the stig.

Re:The way it works though, via Word docs?

[cmv1087]

Am I the only one who reads apk's comments in the voice of an insurance or used car salesman?

If only my boss had said such nice things about me

[DrVomact]

From the article:

The evidence points to a high level of sophistication. "The exploit used to infect victims with Duqu is incredibly well written, beautiful in a sense," Raiu said. "The Duqu authors are top-class exploit writers."

If I were the author(s) of this piece of malware, I'd get a real warm fuzzy feeling reading those words. So they're skillful. But they're also destructive jerks—yet the author of the piece has nothing to say about their character. Heck, they're celebrities, and that's all that matters any more.

Of course they're good. There is big money in writing malware; the nerd-lords of cybercrime can afford to hire the very best coders, and keep them knee-deep in twinkie wrappers. It's not script kiddies anymore (except those who are just practicing to get a real job writing serious malware, or maybe demonstrating the appropriate skills for potential employers); this is a profession now. Given the absence of any sense of morality among the most intelligent of our young people, money buys all the talent the criminals need. But these guys will work for anybody who has money. The TLAs of the government, for instance. Or non-governmental agencies with an interest in destruction. There is nothing more dangerous than smart people without a moral compass.

Sort of reminds me of Oppenheimer's comment about H-bomb technology as being "technically sweet".

Re:If only my boss had said such nice things about

[thsths]

> There is nothing more dangerous than smart people without a moral compass.

That's funny, because it seems that is exactly the combination you need to be successful nowadays...