The Mystery of Duqu 2.0: sophisticated cyberespionage at its best



Business Insider has talked with cyber security expert Jeff Bardin about the newly discovered Duqu 2.0 malware, which some claim, though apparently without any compelling evidence, to be an Israeli tool that was used to spy on the Iran nuclear talks.

Israel responded on the matter this morning. Israel’s Deputy Minister of Foreign Affairs Tzipi Hotovely denied Israel’s involvement in the bugging of sensitive hotel installations used for talks with Iran.

“There is no basis for the international reports claiming Israel was involved in the matter,” Hotovely told Galei Tzahal, Israel Army Radio, today. “What’s much more important is that we prevent a bad deal; otherwise, at the end of the day, we will find ourselves under Iran’s nuclear umbrella.”

No Israeli official other than Hotovely has issued a response, and the government is remaining silent on the matter.

Treadstone 71 CIO Jeff Bardin told “Business Insider” that the new malware may have significant capabilities beyond eavesdropping: it apparently can also access sensitive files, individuals’ personal details, passwords, and more.

“Since the original Duqu uses root capabilities and exploits vulnerabilities that allow for an elevation of privileges, Duqu can be used to install other code that can keystroke log, record conversations, record video, extract files, track any activity that occurs on the infected Windows PC or laptop. This includes the capturing of user IDs, passwords, and sensitive files.”

Bardin added, “Once the code is installed, most anti-virus software cannot detect or remove this malware. Duqu potentially allows for the complete takeover of the target Windows devices.”

Chris Weber, Casaba Security co-founder and Managing Principal, told “Business Insider” that the new, updated version of the Duqu virus, Duqu 2.0, “is an extremely advanced malware platform with delivery mechanisms on par with Stuxnet.”

Stuxnet is a worm, first discovered in 2010, which according to reports published in 2012 was planted by Israel and the US in an Iranian nuclear facility, where it disrupted the facility’s operation.

Weber called Duqu 2.0 “bad-ass,” and believes malware to be the tool of choice for nation-state spying. “Once infected, the Duqu platform offers its operators the ability to install either a simple, memory-resident backdoor or a more persistent and fully featured command and control package. After that, the platform allows for leverage potentially into other parts of the network as well.”

