Previously discussed in the November 4th Viral Update item, the Duqu Trojan is back again. When Symantec first analyzed the malware, they found similarities between it and the Stuxnet Trojan, leading them to believe both were written by the same people. Stuxnet had the potential to damage a nation’s infrastructure, and also appeared to target Iran’s nuclear facility. Iran has said that Duqu has hit its computers, but also that it is deploying a fix.
More information about Duqu comes from Kaspersky Labs, in the form of an intriguing timeline. Part of the code found on some infected machines relates to a driver from 2007, suggesting Duqu has possibly been in development for years. Another analysis of an infected machine turned up code relating to a 2008 driver. What’s more, Kaspersky Labs has found that parts of the Trojan are actually written specifically for their target. This adaptation also includes different versions of the Trojan contacting different servers, making it harder to stop.
In other malware news, since July there has been a 472% increase in malware for the Android mobile operating system. Of those malware attacks, though, only 7.2% occur in the US, far behind China at 64%. These attacks can come in the form of malicious apps and sites that exploit code used specifically in mobile software. So, as always, exercise caution with what you open and install.
After four weeks of these news posts, tell us what you think. Should these weekly updates continue, or should an ‘as-needed’ approach be adopted?