Vikram Thakur's blog

Thanks to Stephen Doherty, Andrea Lelli, Nicolas Falliere, Paul Mangan, Asuka Yamamoto, and Sean Kiernan for their technical contributions.

The group that initially discovered the original Duqu binaries, CrySyS, has since located an installer for the Duqu threat.

Earlier today news was made public regarding nine fraudulent digital certificates which were issued by a company named Comodo. The certificates were issued through a breached registration authority (RA), causing the applicant to be improperly verified.

Things have been pretty rough in the Response world the past few weeks. The number of exploits taking advantage of unknown and unpatched vulnerabilities has been breathtaking.

We’ve been analyzing W32.Stuxnet, which is a threat that uses a legitimate digital certificate from a major third party and takes advantage of a previously unknown bug in Windows; ultimately, it searches for SCADA systems and design documents.

In October 2009 we started tracking the Mariposa, or Butterfly, botnet. At that time, a security company had reported that a large number of Fortune 100 companies had been infected with this threat.