What is Duqu?





It was "one of the most sophisticated campaigns ever seen," says Kaspersky.

Kaspersky, one of the leading anti-virus software providers, has revealed that its own systems were recently compromised by hackers. The security firm said it was good that the intrusion was discovered at an early stage.

In a blog post, Kaspersky says: "We discovered an advanced attack on our own internal networks. It was complex, stealthy, it exploited several zero-day vulnerabilities." The company has named the attack Duqu 2.0 and indicates that a nation is behind it.

According to Wikipedia, Duqu is a collection of computer malware discovered on 1 September 2011, thought to be related to the Stuxnet worm. You can read more detailed information about Duqu on Securelist.

Kaspersky says that the attack technique was very different and was difficult to detect and neutralize, but with the help of the company's Anti-APT solution, which is specially designed to tackle the most sophisticated targeted attacks, they managed to detect it.

The attackers targeted vulnerable Microsoft software installer files to spread the malware to remote computers, which is somewhat similar to the previous Duqu attack. The firm says the attackers tried to spy on the company's technologies… which are accessible under licensing agreements. The group behind Duqu 2.0 also spied on several prominent targets, including participants in the international negotiations on Iran’s nuclear program and in the 70th anniversary event of the liberation of Auschwitz.

The investigation of this attack is ongoing, and it may take a couple more weeks to get all the information about the cyber attacks. However, Kaspersky confirmed that its malware databases have not been affected, nor did the attackers have access to its customers’ data.

The chief research officer of a rival computer security firm said he had had only a brief chance to look into the allegations, but added that it did appear to be a "big deal".