
Duqu incidents detected in Iran and Sudan

Lucian Constantin | Oct. 27, 2011
Security vendor Kaspersky Lab has identified infections with the new Duqu malware in Sudan and, more importantly, Iran, the main target of the Trojan's predecessor -- Stuxnet.

Because Duqu's architecture is very flexible, it can update itself, change command-and-control (C&C) servers and install other components at any time. In fact, Kaspersky didn't find the original keylogger module on any of the infected systems in Sudan or Iran, meaning that it was either encoded differently or replaced with another one.

"We cannot rule out that the known C&C in India was used only in the first known incident [...] and that there are unique C&Cs for every single target, including targets found by us," Kaspersky's researchers also noted.

They also believe that the people behind Duqu are reacting to the situation and are not going to stop. As the hunt for new information continues, we'll likely see more developments in the days to come.

 
