Slashdot Mirror


Experts 'Convinced' Duqu Work of Stuxnet Authors

Trailrunner7 writes "Researchers are fairly confident now that whoever wrote the Duqu malware was also involved in developing the Stuxnet worm. They're also confident that they have not yet identified all of the individual components of Duqu, meaning that there are potentially some other capabilities that haven't been documented yet. There was a lot of speculation when Duqu first emerged about whether the attack was the work of the same group--still unknown--that had created Stuxnet and unleashed it on Iran's nuclear facilities last year. Some of that was centered on supposed similarities in the code between the two pieces of malware, but that was before many of the individual components of Duqu had been identified and analyzed. Now that the analysis and research into the Duqu malware have advanced a bit, researchers say they've found more evidence that points to the malware being the work of the Stuxnet authors or their close associates. 'I'm convinced it's the same group,' Costin Raiu, director of global research and analysis at Kaspersky Lab, who has done much of the analysis of Duqu, said."

26 of 85 comments

  1. My powers have doubled by Spy+Handler · · Score: 5, Funny

    since the last time we met, Duqu!

  2. What is this telling us? by plover · · Score: 4, Insightful

    So Duqu is estimated to have infected about 50 machines. It's a piece of scouting software that collects and maps information, but doesn't attack. It doesn't even phone home yet. It's obviously not news because of its impact to the broad population of computers on the Internet.

    So what exactly is this story telling us? Panic now, because the Stuxnet authors are still on the loose and writing malware? Don't panic at all, because Duqu is obviously targeting an Enemy of the State (like Iran) and not generic PCs? Buy Symantec or Kaspersky antivirus software because their detection has gotten better since Stuxnet?

    --
    John

    1. Re:What is this telling us? by Telvin_3d · · Score: 4, Interesting

      Stuxnet is the first widely reported example of a digital attack on the infrastructure of one nation by (what is believed to be) another nation or nations. This is a big deal. This is one that is likely to be in course syllabuses 50 years from now. If not in the CS department then probably in the PoliSci department. Anything connected to Stuxnet is inherently interesting and potentially newsworthy.

      Any actual technical capabilities that Duqu may or may not have is the least interesting part of this story.

    2. Re:What is this telling us? by MozeeToby · · Score: 2

      Maybe it's telling us "this is what we see when we look at the code, we offer no conclusions beyond that". Seriously though, the writers of Stuxnet could be just about anyone, from the US, to Israel, to Saudi Arabia, to Russia, to a group of amateurs in their garage. Without knowing their identity, it's impossible to say what their overall motives could be. The only thing known nearly for sure (and that's assuming the researchers are correct in connecting Duqu and Stuxnet) is the authors are willing to do physical damage to equipment to meet their objectives; presumably up to and including risking other people's lives. The fact that the virus doesn't do anything so far is a bit concerning to me, it shows more planning and thought than normally goes into these things. When it finally receives the packet that updates it to 'active' mode, there's no telling at this point what it could do.

  3. Re:/tinfoil hat by masternerdguy · · Score: 4, Funny

    The CIA is backed up by a covert organization called the NID which wants to regulate the Stargate in Area 51. It's true.

    --
    To offset political mods, replace Flamebait with Insightful.

  4. Re:I would go further by Unordained · · Score: 2, Insightful

    [evidence needed]
    [citation needed]
    [explicitly stated allegations needed]
    [ad hominem needs review]

  5. Re:I would go further by Anonymous Coward · · Score: 2, Insightful

    Who is funding Kaspersky labs?

    My best guess is AV software sales.

  6. Re:Should the researchers keep quiet? by Eunuchswear · · Score: 5, Interesting

    If Stuxnet is designed to prevent the total destruction of Israel

    That's a big "if" you're waving around there partner.

    Stuxnet could be a weapon designed for use against Iran, possibly by Israel, but "designed to prevent the total destruction of Israel", that's pretty hyperbolic.

    People who mess with the military often find themselves six feet under (unless they're cremated first).

    Whose military are you talking about here?

    --
    Watch this Heartland Institute video

  7. The group isn't unknown at all. by Anonymous Coward · · Score: 5, Interesting

    The greatest myth of Stuxnet is that the perpetrators who created it are still a mystery. A retiring Israeli general admitted on _video_ and bragged about the fact that Stuxnet was developed as a joint U.S.-Israeli project to attack Iran's nuclear facilities.

    http://www.net-security.org/secworld.php?id=10596

    1. Re:The group isn't unknown at all. by Anonymous Coward · · Score: 2, Insightful

      Well if some random guy took the credit it must be true. No one lies about their accomplishments.

  8. Stuxnet 3 about to be released? by Trimegistus · · Score: 2

    Just today I posted a recent news item on this Stuxnet-Duqu issue. Read it here: http://slashdot.org/submission/1851158/stuxnet-30-released-at-malcon. Apparently we will hear a lot about this in the near future...

  9. Re:Should the researchers keep quiet? by Baloroth · · Score: 5, Informative

    This is probably the intelligence community at work here. If competent (and from the signs of how well created Stuxnet and Duqu are, they are), people who out these things have nothing to fear. It would almost be an open admission of guilt to "make them disappear." Not to mention the risk of being caught. These worms have worked by subtlety and subterfuge, they won't stop doing that now. And that means not killing people. Really, the idea that intelligence agencies work through murder is mostly (definitely not entirely, but mostly) a Hollywood/New York Times Bestseller invention. In reality, assassination is way too risky to happen often or be used lightly.

    Now, if they were leaking something like a NOC list or exact design documents for thermonuclear warheads, that might be a different story. Stuxnet, however, already did its damage. Duqu probably did too.

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton

  10. Re:I would go further by Anonymous Coward · · Score: 3, Informative

    Kaspersky Labs is funded by the sale of Kaspersky AntiVirus and the other security software that they sell direct on kaspersky.com. Everything else in your post is rambling, incoherent drivel that made my head hurt.

  11. Re:Should the researchers keep quiet? by elrous0 · · Score: 3, Interesting

    It's not exactly a secret that Mossad and the IDF were the chief suspects in the creation of Stuxnet. They were even publicizing their new cyber-warfare IDF division not too long before Stuxnet emerged. So I doubt Israel considers this a big secret. In fact, they may well want to publicize the "Threaten us and we can blow up your centrifuges" message it sends.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.

  12. its cause we dont have amazing researchers by Tyrannosaur · · Score: 4, Informative

    Ralph Langner was the genius behind our knowing about what Stuxnet did. But his team of researchers aren't studying Duqu much because "please note that we don't research Duqu as it appears to be unrelated to control systems." We don't have that genius picking apart Duqu as we do Stuxnet. But Duqu is not the next Stuxnet. It's not nearly as cool. Stuxnet was a very unique virus for several reasons. Duqu is more like just a standard virus. I don't understand why Stuxnet was underplayed and Duqu is so overplayed. If you want the cool information on Stuxnet, http://www.langner.com/en/2011/11/09/two-years-later/ is Langner's latest post.

  13. Re:Should the researchers keep quiet? by Anonymous Coward · · Score: 5, Insightful

    No.

    Malware researchers should investigate malware, regardless of its pedigree. The malware doesn't discriminate as to the computer. Duqu and Stuxnet will infect a Windows system regardless of its location and use. That was part of the idea behind Stuxnet: wide initial deployment so that it would eventually find its way into the Iranian centrifuge system. The authors don't seem to care if they infect non-affiliated systems along the way.

    There is also no reason why the exploits being used in Duqu and Stuxnet, presumably by western governments, can't be rebranded by our more run of the mill botnet farmers and spammers.

  14. Re:Should the researchers keep quiet? by gl4ss · · Score: 3, Interesting

    iran going to nuclear war would lead to iran's government to fall - a conventional war would do that as well, it's a card house. messing with their industrial machines only can slow things down though, it can't stop them.

    besides, going public with the information straight on would actually protect the researchers, if they're worried about ending up six feet under. but the real reason for going public is that for the researchers the value of the work is going public and going public with it first, so they'll get pageviews.

    but.. you could go on further and say that they're doing free r&d for duqu/stuxnet developers. it's a stretch to say that they're the same guys though, just based on analysing the code - it could be just some guy(s) who thought stuxnet's architecture was worth looking into as research.

    --
    world was created 5 seconds before this post as it is.

  15. Re:Should the researchers keep quiet? by Anonymous Coward · · Score: 5, Interesting

    More likely, stuxnet was designed as an alternative to an unpopular military action. Arab neighbors of Iran are eager for Israel to "handle" the issue so they can reap the benefits of an emasculated Iran without getting their own hands dirty. The situation for Israel is more complex; military action will galvanize anti-Israeli sentiments in the ME, and Iran is not their most immediate problem. BUT, neither can Iran be safely ignored. Stuxnet performed its job in buying extra time before Iran could finalize its nuclear program, but that extra time is running out.

  16. Why are they so sure? by Hentes · · Score: 2

    Stuxnet has leaked to the public, someone could just copy and modify it.

  17. Re:Should the researchers keep quiet? by Jeng · · Score: 4, Informative

    Really, the idea that intelligence agencies work through murder is mostly (definitely not entirely, but mostly) a Hollywood/New York Times Bestseller invention. In reality, assassination is way too risky to happen often or be used lightly.

    Remember, we are talking about Israel here, they have no reservations about assassinations.

    http://en.wikipedia.org/wiki/List_of_Israeli_assassinations

    --
    Don't know something? Look it up. Still don't know? Then ask.

  18. Re:Should the researchers keep quiet? by rtfa-troll · · Score: 2

    Israel assassinates enemies; generally either Arabs or former Nazis. Attacking Russian citizens would be something completely different. They would want a bit more finesse and anonymity than they seem to have achieved recently.

    --
    =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();

  19. Re:Should the researchers keep quiet? by Anonymous Coward · · Score: 3, Insightful

    But who else would Iran use their nuclear weapons on?

    Probably the same people who don't want Iran to be a nuclear country as much as Israel; namely the rest of the Middle East.

    I guess it's a poor Western mentality that makes illogical group-think become accepted in that all Arab countries stick together. Nothing could be farther from the truth. Just about EVERY ME country does NOT want Iran to get nukes and has been actively encouraging every country (including the US) to militarily intercede in Iran.

    Bluntly, most of the people who accuse Israel and the US of engineering these things do so by proudly proclaiming their ignorance of how the world works. The fact is, only crazy nutjobs want Iran to get nukes which means almost the entire world is more than happy to actively work against Iran's nuclear ambitions. And only Israel has interests equal to or slightly greater than all of the other ME countries in the region.

  20. Re:Should the researchers keep quiet? by ColdWetDog · · Score: 3, Insightful

    Ummm... Israel is the only nation in the region attacking its neighbors. Get past the propaganda, and it is pretty apparent who the real terrorists are.

    Right. The missiles shot from Gaza into Israeli territory were launched by whom? The Mossad? Not that I condone a lot of what the Israeli government is doing these days, but even for an AC, you seem remarkably dense.

    --
    Faster! Faster! Faster would be better!

  21. Re:All I want to know is.... by Thud457 · · Score: 3, Informative

    How the heck do you pronounce "Duqu"?

    It's pronounced: "for God's sake, keep Lucas away from writing any more Star Wars"

    --
    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  22. Re:Should the researchers keep quiet? by Eunuchswear · · Score: 5, Informative

    Iran is not an Arab country.

    --
    Watch this Heartland Institute video

  23. Re:I would go further by Ihmhi · · Score: 2

    Who is funding Kaspersky labs?

    Kaspersky, eh? Sounds awfully Russian. And we all know them commies ain't ever up to no good. Quick Mabel, to the bunker!