Malware

Stuxnet has become the bogeyman of Internt security and cyberwar, showing up in marketing pitches, PowerPoint presentations and press releases from Washington to Silicon Valley to Tehran. But while Stuxnet has been garnering headlines for more than a year now, the far more serious threat in terms of potential long-term damage has turned out to be Duqu. The malware first came to light in September, but it may have been circulating four or five months before that. Its customizable, modular architecture has been a challenge for researchers seeking to understand its operation and its creators’ intentions. Threatpost editor Dennis Fisher spoke with Costin Raiu, one of the main researchers working on Duqu at Kaspersky Lab, about the relationship between Stuxnet and Duqu, the possible identity of the attackers and the investigation into its architecture.

Citing a looming crisis over lax computer security, Senate Majority Leader Harry Reid said on Wednesday that the Senate will debate cybersecurity legislation. The move comes despite the lack of a coherent Senate plan and could set up a showdown with House Republicans over the government’s role in forcing industry to strengthen cyber protections, according to a report by The Hill.

Dennis Fisher talks with malware researcher Costin Raiu about the investigation into Duqu, the likelihood that it was written by the same team as Stuxnet, whether a government is behind its development and what mistakes the authors made.

Researchers are fairly confident now that whoever wrote the Duqu malware also was involved in some way in developing the Stuxnet worm. They’re also confident that they have not yet identified all of the individual components of Duqu, meaning that there are potentially some other capabilities that haven’t been documented yet.

Microsoft has a new way of determining the geolocation of systems infected with malware, and it had subtle but relevant effects on the 11th volume of the Microsoft Security Intelligence Report. It’s a novel concept, instead of relying on an administrator-specified setting that anyone with hands and a mouse can change, they are now relying on IP addresses.

As Android market share has shot up in recent months, so has the volume of malware designed for the mobile platform. There’s been a whopping 472 percent increase in Android malware samples in the last three months alone, according to research from Juniper Networks.

F-Secure researchers claim that malware spreading via malicious PDF files is signed with a valid certificate stolen from the Government of Malaysia, in just the latest evidence that scammers are using gaps in the security of digital certificates to help spread malicious code.