Duqu 2.0 – The most powerful and disastrous malware ever seen
What is Duqu 2.0?
Kaspersky has discovered a new malware named Duqu 2.0, which it calls the most sophisticated malware it has ever seen. The malware was noticed after it penetrated Kaspersky’s own internal network.
According to Kurt Baumgartner, principal security researcher at Kaspersky: “The philosophy and way of thinking of the Duqu 2.0 group is a generation ahead of anything seen in the APT world.” He also reported that it is more dangerous than, and even surpasses, the Equation Group, which is considered the Death Star of the malware galaxy.
Where did Duqu 2.0 come from?
In 2011, a malware named Duqu was discovered that had infected several computers throughout the world. Duqu 2.0 is considered the successor of Duqu, an updated version with greater infecting power. It is believed to have been spread by the same creators known to have spread the Stuxnet worm, which appeared many years ago.
What is the main difficulty with Duqu 2.0?
According to Kurt Baumgartner, Duqu 2.0 is very hard to detect because it remains in system memory and infects network gateways and firewalls by installing malicious drivers. These drivers proxy all traffic from internal networks to its C&C servers, so infected hosts never connect directly to the command-and-control servers to receive instructions, which makes detection by any antimalware software very difficult.
Another difficulty being reported is that its creators use encryption algorithms, filenames and methods that are unique to each attack in order to avoid detection. Once it has infected one system, it moves laterally through the network in search of other victims, and that is the biggest problem for antivirus and antimalware tools: they lack the ability to detect lateral movement.
Watch this video: Duqu 2.0 – Russia Today, 10 June 2015