12/11/2011

Duqu worm, a mystery to the security laboratories!

The spread of many versions of the malicious program Duqu is major online news in the field of IT security. This is due largely to some similarities between this new worm and the notorious Stuxnet worm, which spread last year. What is of concern in this case is that the ultimate goal of the Duqu worm is still unknown. Anti-malware experts at Kaspersky Lab have analyzed the new malicious program, and we present their main findings here.



The Duqu worm was detected for the first time in early September 2011, after an internet user in Hungary uploaded components of the malicious program to VirusTotal, which analyzes suspicious files using antivirus programs from different companies (including Kaspersky Lab). It turned out, however, that the sample detected first was just one of many components that make up the worm. Shortly afterwards, and in a similar way, anti-malware experts at Kaspersky Lab found a sample of another module of the worm through VirusTotal, and analysis made it possible to find similarities between them and Stuxnet.

Although there are some general similarities between the Duqu and Stuxnet worms, there are also significant differences. Shortly after finding several variants of the Duqu worm, Kaspersky Lab experts began tracking, in real time, the worm's attempts to infect the devices of users of Kaspersky's cloud-based security. What is surprising is that during the first 24 hours the worm infected only a single system. The Stuxnet worm, on the other hand, infected tens of thousands of systems throughout the world, although it is assumed that it was aimed mainly at industrial control systems used in Iran's nuclear programs. The ultimate goal of the Duqu worm is still unclear.


The only infection registered among Kaspersky's users is an infection by one of the multiple modules that are supposed to make up the Duqu worm. No cases of infection by the second module were found; it is, in essence, a separate malicious program of the Trojan-Spy type. It is noteworthy that this module in particular carries the malware's function: it collects information on the infected machine and also monitors keystrokes on the keyboard of the infected device.

In this context, the head of security experts at Kaspersky Lab, Alexander Gostev, said: "I have not yet come across any cases of infection on our customers' computers by means of the Trojan-Spy of the Duqu worm. This means that the Duqu worm may be directed against a small number of specific objectives, and can use different units to target each and every one of them."


Among the mysteries associated with the Duqu worm is the primary means used to penetrate the system, which has not been detected so far: the installer, or "dropper" program, used to do so has not yet been found. The search for this module of the Duqu worm is still in progress; it is this module in particular that will help us find the ultimate goal of this malicious program.

source : http://www.aitnews.com.
Translated by : Tahar ZoFix.
