David Heath
Friday, 11 November 2011 09:35
In a recent interview, iTWire asked Jon Callas, currently CTO at Entrust, for his thoughts on the recent Duqu malware and how closely it is related to Stuxnet.
iTWire recently spent a very pleasant hour with Jon Callas, currently CTO of Entrust. One of the things Callas has been very vocal about is his disagreement with the other 'experts' who have been saying that Duqu is the next evolution of Stuxnet.
iTWire: You're arguing that Duqu looks a little bit the same as Stuxnet, but that's about the end of it?
Callas: Yes. You know, it's got both ones and zeros, just like Stuxnet.
iTWire: There was an article published just today saying that a decompiled version of Stuxnet is available for download.
Callas: It would not surprise me if the people who are good at doing malware looked at the decompiled Stuxnet and said, "Oh, would you look at that! That programming technique is really cool." Because programmers do that all the time with each other.
But the idea that Duqu is obviously by the people who did Stuxnet for essentially the same purpose... if you look at it from a plain old detective standpoint, you know, means, motive and opportunity, well whoever did Stuxnet was somebody who didn't like Iran and didn't like the Iranian nuclear work.
Now we can construct our list of suspects, and we can discuss who we would want on the list of suspects, but then you look at Duqu and you look at what it's been doing, and it's got a control server in India and it's been doing all sorts of things, and there is no intersection between the two of them.
So, if you wanted to say "why yes, the people who wrote Duqu stole a few things from Stuxnet", I can't gainsay that.
They also were using Return Oriented Programming, which is what all the cool kids are doing now. It's what all of the iPhone jailbreaks do too. I could argue from the very same argument that "oh no, it wasn't the Stuxnet people, it was the iPhone jailbreak people instead because it's the same programming techniques." And very likely they may have stolen some pointers from them as well. But if you look at what it is, what we know about it and where it's going, I believe that McAfee and other people are jumping to conclusions.
It could turn out that they are right in the end, but that was a bit premature in an analysis and I think it was more to get press [coverage].