October 18, 2011, 5:11PM
Analysis: Duqu Targets Certificate Authorities
Comment With virus researchers scrambling to decode a new piece of malware that is based on the code of the Stuxnet worm, an analyst at McAfee is speculating that the new worm, Duqu, may have been created to target certificate authorities.
Writing on McAfee's research blog, Guilherme Venere and Peter Szor say that an analysis of the Duqu code by McAfee experts suggests that the worm was created "for espionage and targeted attacks against sites such as Certificate Authorities (CAs)." The McAfee analysis, if accurate, is the first to explicitly mention the type of organization that the Duqu worm targeted, and would suggest that those behind the worm intended to use it as a precursor to subsequent, targeted attacks.
Certificate authorities have been prominent targets of hackers in recent months. In just the most recent example, the Dutch CA Diginotar was compromised and used to generate fraudulent certificates for Google, Mozilla, The Tor Foundation and other prominent Web sites. The Dutch government eventually broke ties with Diginotar, which was forced to declare bankruptcy in the wake of the incident. In March, the CA Comodo also reported that it was the victim of a compromise.
Editor's Pick
McAfee said that the Duqu worm has been identified in "professional, targeted attacks" against CAs in parts of Europe, the Middle East, Asia and Africa. The researchers speculate that a digital certificate belonging to the firm C-Media, based in Taipei, was not stolen, but forged by a compromised CA.
The McAfee analysis fills in some details omitted from a longer analysis released by Symantec Corp on Tuesday. That research declined to name the kind of firm targeted by the worm, but provided a detailed analysis of the Duqu code, which bears a close resemblance to Stuxnet, with shared code used for the injection attack and several encryption keys and techniques that were used in Stuxnet.
Like Symantec's report, the analysis from McAfee says that it knows of only a few infections linked to Duqu, and says the worm doesn't appear to be designed to attack industrial control systems, as Stuxnet was.
Commenting on this Article is closed.
Today's Most Popular
- Dear Jailbreaker, Apple Wants to Have a Word with You
- Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops
- OPINION: Are Anonymous Members Forged in the Crucible of IT Compliance?
- White House Security Czar Howard Schmidt Retiring
- New P2P Zeus Variant Targets Popular Sites with Bogus Offers
Most Commented Stories
-
Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops (5)
-
White House Security Czar Howard Schmidt Retiring (3)
-
Staggering Increase in Android Malware Variants, Trojan Apps (2)
-
Author of LilyJade Facebook Plugin Ignores Facebook Cease-and-Desist (2)
-
New P2P Zeus Variant Targets Popular Sites with Bogus Offers (1)
Newsletter Sign-up
Take Our Poll
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you
Connect to anything
22%
Only connect to password-protected, secure connections
38%
Only use websites with HTTPS
27%
I don’t pay attention to how I access the internet while traveling
13%
Total votes: 60
Follow Threatpost
 |  |  |  |
| Tumblr |
