Duqu, the newly discovered malware, has
been named by many as a 'predecessor to Stuxnet', but in fact this piece of
sneaky code has its resemblances and differences to the notorious worm.
A variety of anti-malware researchers and
firms recently reported that Duqu's structure, in terms of files and some
internal logic, is almost identical to its alleged predecessor - offering a
close familiarity with Stuxnet source-code in order to conduct it.
One of the firms even identified Duqu as a
version of Stuxnet, and their automatic malware analysis determined it was
Stuxnet itself.
On one hand, Duqu is signed with a
legitimate digital certificate; Stuxnet did the same with a different
certificate, obviously the certificate has been revoked upon discovery.
On the other hand, the purpose of Duqu is
entirely different. Some of the uncovered features include keylogging,
autodestruct of itself including many traces and transmitting collected data to
a Command and Control server using encrypted files, and strange image files that
are still under investigation.
Nonetheless, Duqu's level of sophistication
is rare, and it's raison d'être is still remained unsolved.
Keep an eye open on this one, as the story
of Duqu's history is slowly revealed.
