
Sunday, 22 January 2012

Tilded platform chargeable for Stuxnet, Duqu evasiveness

Researchers at Kaspersky Lab have released new analysis of the Duqu Trojan, tying it and the closely related Stuxnet worm to a software platform designed to create exploits that avoid detection.
We believe Duqu and Stuxnet were simultaneous projects supported by an analogous team of developers.

Alexander Gostev and Igor Soumenkov, Kaspersky Lab researchers

Kaspersky Lab said both pieces of malware share a common configuration file called Tilded. The Tilded platform was designed to provide encryption and other evasive techniques when the malware is injected into a system. Kaspersky said at least one other, unrelated spyware module was created with Tilded, along with a number of other programs whose functionality is unclear. The research also calls into question the history of the Stuxnet codebase, finding that at least some of the code it used was created as early as 2007.

“We believe Duqu and Stuxnet were simultaneous projects supported by a similar team of developers,” said Kaspersky Lab researchers Alexander Gostev and Igor Soumenkov of their analysis.

Tilded was so named because the developers used file names that started with a tilde symbol followed by the letter “d”. The team of developers, who remain unknown, are likely behind other projects as well.

Tilded was created at the end of 2007, before undergoing significant changes in 2010. “Those changes were sparked by advances in code and the necessity to avoid detection by antivirus solutions,” according to the Kaspersky research. “There were several projects involving programs based on the ‘Tilded’ platform in the period 2007-2011. Stuxnet and Duqu are two of them; there might have been others, which for now remain unknown.”

Researchers are continuing to focus their analysis on the Duqu Trojan, which emerged in October on the systems of several manufacturers and suppliers of industrial control components. The installer used to infect systems exploited a Microsoft zero-day vulnerability. The malware shares much of its codebase with Stuxnet, but rather than disrupting systems, it was designed to collect data. Symantec said it could be a precursor to a future Stuxnet-style attack.

Attacks using Duqu are believed to have been conducted as early as December 2010. The Trojan was designed to install itself and remain stealthy, installing spyware that records system information and duplicates files on all drives. Duqu was designed to operate for 36 days before removing itself from an infected system.

Kaspersky Lab said enterprises have to keep in mind that the Tilded platform is probably behind other exploits. Other projects built on the platform may not yet have been detected by security teams, Kaspersky said.

“The platform continues to develop, which can only mean one thing; we're likely to see more modifications sooner or later,” Kaspersky said.
