Newly discovered Stuxnet descendant - Duqu

Symantec has a writeup and whitepaper about Duqu, a new malware derived from Stuxnet.
W32.Duqu: The Precursor to the Next Stuxnet | Symantec Connect Community
Also F-Secure has some info.
Duqu - Stuxnet 2 - F-Secure Weblog : News from the Lab
This time it is signed by a cert stolen from C-Media Electronics, Inc. (already revoked) and its purpose is to provide remote access rather than to destroy centrifuges.
MentholMoose
MCSA 2003, LFCS, LFCE (expired), VCP6-DCV
Comments
the_Grinch Member Posts: 4,165
“The real surprising thing for us is that these guys are still operating,” O Murchu says. “We thought these guys would be gone after all the publicity around Stuxnet. That’s clearly not the case. They’ve clearly been operating over the last year. It’s quite likely that the information they are gathering is going to be used for a new attack. We were just utterly shocked when we found this.”
From: Son of Stuxnet Found in the Wild on Systems in Europe | Threat Level | Wired.com
I had to laugh at this because you have to be fairly shortsighted to truly believe these guys weren't going to continue their work. Most agree this is the work of a team working for or a part of some nation state. If that is the case, of course they aren't going to stop as the mission would still be ongoing. In the cyber espionage world, since it is so hard to prove where an attack/virus came from, press doesn't necessarily kill an operation. Also, Stuxnet was a test to see if it would work and how far they could go (on a target that no one would kick up a fuss about) so now it's time to see where else it might work. Very interesting either way, but seems the Cyber Cold War is in full swing!

WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff

MentholMoose Member Posts: 1,525
Well the installer has been found, it uses -- can you guess? -- a Windows 0-day exploit. Some info on the installer:
Duqu Attack's Installer Discovered - F-Secure Weblog : News from the Lab
Microsoft's security advisory for the (still unpatched) exploit:
Microsoft Security Advisory (2639658): Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege

MentholMoose
MCSA 2003, LFCS, LFCE (expired), VCP6-DCV