Future Internet, Vol. 4, Issue 4 (2012), Article

The Cousins of Stuxnet: Duqu, Flame, and Gauss

Boldizsár Bencsáth    
Gábor Pék    
Levente Buttyán and Márk Félegyházi    

Abstract

Stuxnet was the first targeted malware that received worldwide attention for causing physical damage in an industrial infrastructure seemingly isolated from the online world. Stuxnet was a powerful targeted cyber-attack, and soon other malware samples were discovered that belong to this family. In this paper, we first present our analysis of Duqu, an information-collecting malware sharing striking similarities with Stuxnet. We describe our contributions to the investigation, ranging from the original detection of Duqu via finding the dropper file to the design of a Duqu detector toolkit. We then continue with the analysis of the Flame advanced information-gathering malware. Flame is unique in the sense that it used advanced cryptographic techniques to masquerade as a legitimate proxy for the Windows Update service. We also present the newest member of the family, called Gauss, whose unique feature is that one of its modules is encrypted such that it can only be decrypted on its target system; hence, the research community has not yet been able to analyze this module. For this particular malware, we designed a Gauss detector service, and we are currently collecting intelligence information to be able to break its very special encryption mechanism. Besides explaining the operation of these pieces of malware, we also examine whether and how they could have been detected by vigilant system administrators, manually or in a semi-automated manner using available tools. Finally, we discuss lessons that the community can learn from these incidents. We focus on technical issues and avoid speculation on the origin of these threats and other geopolitical questions.

Similar articles

Abir Rahali and Moulay A. Akhloufi
To proactively mitigate malware threats, cybersecurity tools, such as anti-virus and anti-malware software, as well as firewalls, require frequent updates and proactive implementation. However, processing the vast amounts of dataset examples can be overw...


Jinting Zhu, Julian Jang-Jaccard, Amardeep Singh, Paul A. Watters and Seyit Camtepe
Malware authors apply different techniques of control flow obfuscation, in order to create new malware variants to avoid detection. Existing Siamese neural network (SNN)-based malware detection methods fail to correctly classify different malware familie...
Journal: Future Internet


Joel Scanlan, Paul A. Watters, Jeremy Prichard, Charlotte Hunn, Caroline Spiranovic and Richard Wortley
Honeypots have been a key tool in controlling and understanding digital crime for several decades. The tool has traditionally been deployed against actors who are attempting to hack into systems or as a discovery mechanism for new forms of malware. This ...
Journal: Future Internet


Tolijan Trajanovski and Ning Zhang
The leaked IoT botnet source-codes have facilitated the proliferation of different IoT botnet variants, some of which are equipped with new capabilities and may be difficult to detect. Despite the availability of solutions for automated analysis of IoT b...
Journal: Future Internet


Ammar Alazab, Ansam Khraisat, Moutaz Alazab and Sarabjot Singh
Websites on the Internet are becoming increasingly vulnerable to malicious JavaScript code because of its strong impact and dramatic effect. Numerous recent cyberattacks use JavaScript vulnerabilities, and in some cases employ obfuscation to conceal thei...
Journal: Future Internet