A new Struxnet

View Only

Back to discussions

Expand all | Collapse all

1. A new Struxnet

2 Recommend
Migration User
Posted Oct 20, 2011 04:55 AM

Reply Reply Privately
This has been getting a lot of press lately:

A new variant of Struxnet, different target and different payload, new name "Duqu":

Symantec blog:

https://www-secure.symantec.com/connect/w32_duqu_precursor_next_stuxnet

Whitepaper:

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet_research.pdf

Post other info pls.
2. RE: A new Struxnet

0 Recommend
Broadcom Employee

pete
Posted Oct 20, 2011 06:02 AM

Reply Reply Privately
thumbs up!

write up as well

http://www.symantec.com/business/security_response/writeup.jsp?docid=2011-101814-1119-99
3. RE: A new Struxnet

0 Recommend
Migration User
Posted Oct 20, 2011 07:04 AM

Reply Reply Privately
The best move should be to first block the C&C server in your firewalls ,SEP as well as network.
4. RE: A new Struxnet

0 Recommend
Mick2009
Posted Oct 20, 2011 08:05 AM

Reply Reply Privately
"Thumbs up" to the advice, above, about blockign the C & C server IP address at the corporate firewall.

Definitions for SAV, SEP etc that are 18 October or later will detect the samples as W32.Duqu.

Earlier definitions detected this as a member of the generic "Trojan Horse" family.

Best practice, once again: please update all machines to the latest available definition set, and monitor the network for unusual activity!

http://www.symantec.com/business/theme.jsp?themeid=stopping_malware&depthpath=0

Endpoint Protection

A new Struxnet

Migration UserOct 20, 2011 04:55 AM

peteOct 20, 2011 06:02 AM

Migration UserOct 20, 2011 07:04 AM

Mick2009Oct 20, 2011 08:05 AM

1. A new Struxnet

2. RE: A new Struxnet

3. RE: A new Struxnet

4. RE: A new Struxnet