Alexander Gostev wrote for SecureList (a blog run by Kaspersky Labs) on Duqu. Symantec recently discovered a new and improved Duqu . . . in Iran. The blog post had an in-depth analysis of the mechanics behind Duqu's coding, but I was more interested in Mr. Gostev's conclusion:
"The return of the Duqu . . . indicates that our original assumptions were correct. When you invest as much money as were invested in Duqu and Stuxnet, it’s impossible to simply shutdown the operation. Instead, you . . . change the code to evade detection and carry on as usual. [Duqu's] focus on Iran indicates a persistent attacker with a strong, clear agenda. Its complexity . . . indicate[s] how important it is for the project to remain under the radar. It can be assumed that future developments will focus on this direction."
You can find the SecureList blog post here.
***
So are we going to see the return of Stuxnet?