Information Security in Today's Digital Culture

Anti-Malware Vendor Fight: Duqu vs. Stuxnet

November 2nd, 2011 | Posted by Brett Edgar in Malware | Security

It looks like the main anti-malware vendors are choosing sides and going head-to-head on the relationship between Duqu and Stuxnet. So far, the fight is Symantec and Kaspersky, who say Duqu is related to Stuxnet, vs. SecureWorks and Bitdefender, who say the two are not related at all.

If you haven't heard, Duqu is a new piece of malware that has been found so far in Sudan and Iran and is spreading via an unknown method. It is similar to Stuxnet in that it installs a rootkit on infected machines and injects encrypted DLLs into the Windows kernel. As SecureWorks points out in this analysis, none of this behavior is unique. It is dissimilar to Stuxnet in that it does not appear to be targeting SCADA PLCs; instead, it is apparently a remote-access trojan that receives commands and exfiltrates data.

It seems to me that the anti-malware vendors are just trying to ride the coattails of the media coverage of Stuxnet. (Wait, isn’t that what I’m doing here?)

Brett Edgar

Brett is a Founder and the former Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.