Duqu: A new breed of spyware is spreading

A computer screen of Dirk Engling, spokesperson of the Chaos Computer Club, shows the file name (highlighted) of the Trojan spyware allegedly made by the German authorities, in the CCC's offices in Berlin on Oct. 12, 2011.

It's called Duqu. Don't worry just yet, it's not likely to have infected your computer. Unless, that is, your computer is located at Iran's Civil Defense Department. That's where Duqu has very recently been detected. It's not exactly known who created Duqu, but experts agree that it's so sophisticated it could only have come from a large, well-funded organization. This isn't some kid dinking around in the basement; this is high-level.

"If you think about the way, like, say, a cruise missile is built," says Alex Cox of RSA Security, "you've got the concept of a payload and then you've got the delivery system. You can think of Duqu in the same way. The malware has a delivery system and a payload. In the Duqu example, the payload is just an information-stealing piece of malware, so when that Duqu malware is installed on a machine, it's able to collect information and send it back to its controllers, giving information on the machine it's installed on."

In other words, it's a spy. But this is online espionage. No trenchcoats, no briefcases. Just malware. Welcome to the future. And Duqu is incredibly hard to detect in part because it flees the scene of the crime, deleting itself within days of installing.

As for how it gets in in the first place, Kevin Haley from Symantec Security Response says, "It hides itself within a Word document. When the user clicks on it, there is actually a vulnerability, a way that runs the program the way it's not supposed to be run which allows the threat to get downloaded on the computer and run."

Duqu has been compared to Stuxnet, a recent computer worm that appears to be targeting control systems for things like Iran's nuclear power program. Haley says, "The reason it's been associated (with Stuxnet) is based on our research. Some of the same source code, kind of the building blocks of a computer program, is used in Duqu that was used in Stuxnet. The difference between the two is Duqu is only doing what we call reconnaissance. It's getting on the computer and it's looking for information. Stuxnet not only got on the computer and looked for information, but it took that information and crafted a pretty incredible attack that ended up attacking industrial control systems, the tiny computers that run, in this case, cylinders that were used to enrich uranium."

Experts aren't yet sure what Duqu is trying to achieve here, what the ultimate goal is. Stay tuned.

Also on today's program, Jailbreak the Patriarchy is a new extension you can get, free, for the Chrome browser. It switches all gender pronouns on a website. He becomes she, mom becomes dad.

Creator Danielle Sucher built it just for fun but has had some interesting gender insights along the way.

About the author

John Moe is the host of Marketplace Tech Report, where he provides an insightful overview of the latest tech news.
