Wednesday, June 10, 2015

Publisher Kaspersky falls victim to Duqu 2.0, spyware … – 01net


In the Moscow offices of Kaspersky, it was a nasty surprise. During a computer test in early spring, security researchers discovered that they had been the victims, for months, of a particularly stealthy piece of spyware. It generates very little network traffic, moves slowly from machine to machine and leaves no trace on infected systems. “It does not create any file on the disk, does not change the registry. The malware will run only in memory. It is an almost invisible attack,” says Eugene Kaspersky, CEO of the publisher, during a press conference in London.


Eugene Kaspersky unveils Duqu 2.0

By dissecting the beast and tracking it across the Internet, the publisher came to grasp its full complexity. To break into networks and spread from workstation to workstation, the malicious code relied on three zero-day vulnerabilities that Microsoft has corrected. As for the spy module itself, it has at least a hundred different plugins: network mapping, data extraction, remote access, file search, password theft, etc. In short, it is a true professional platform that only a state actor could have implemented. “This malware could cost ten million and mobilized a team of engineers to develop and support,” says Eugene Kaspersky.



A distant descendant of Stuxnet

But the most interesting point is that the malware's source code is not completely unknown. It is an evolution of Duqu, a piece of spyware discovered in September 2011 and a cousin of the famous Stuxnet. For Kaspersky, there is no room for doubt: “This release would not have been possible without access to the source code of the 2011 version of Duqu. We conclude that the authors are the same or that they are working together,” says Kaspersky's technical report. The publisher therefore named this malware “Duqu 2.0”.

It is not yet clear how the malware got into Kaspersky, but it is likely that the attackers used “spear phishing” emails. The purpose of the attack appears to be spying on Kaspersky technologies: the tools used by researchers, ongoing research, detection methods, etc.

Duqu 2.0, a highly complex piece of malware

But who is lurking behind this very sophisticated attack? Kaspersky does not venture any attribution and deliberately confines itself to technical considerations. According to the Wall Street Journal, which relies on government sources, Duqu was the work of the Israeli secret service. It is therefore likely that Duqu 2.0 is as well, all the more so since this would fit with the other victims. Kaspersky's analyses have established that Duqu 2.0 also attacked three luxury hotels in Switzerland where the so-called “P5+1” negotiations on the Iranian nuclear issue took place, a highly sensitive issue for the Israeli state. According to the publisher, attacks were also carried out in connection with the 70th anniversary of the liberation of Auschwitz-Birkenau. Other victims have been located in “Western countries, the Middle East and Asia.”

Nevertheless, the discovery of Duqu 2.0 shows that governments are more than ever engaged in an escalation of cyber espionage, resulting in increasingly sophisticated techniques. “This is very bad news. All these techniques will be found sooner or later in the hands of cybercriminals, who are themselves more and more courted by traditional crime. I fear that all this will lead us soon to cyberterrorism,” says Eugene Kaspersky. In a way, governments and their secret services today represent the greatest threat to the security of the Internet, because of their huge financial and intellectual resources!
