While you don’t hear the words “trampoline” and “malware” in the same sentence very often, today it’s entirely warranted. Moscow-based Kaspersky Lab, a research organization that concentrates on hackers and hacking activity, has discovered a second state-sponsored group of hackers that has created malware derived from Stuxnet. A second, that is, after the US and Israeli group discovered in 2012, the creators of the Stuxnet malware used for hacking international groups; this new group used that same malware as the basis for its own sophisticated worm.
The software Kaspersky says it has found looks to be an updated version of “Duqu.” Duqu is malware, also derived from Stuxnet, that was discovered in 2011 spying on Iran’s nuclear material development. That software was also made to “keep tabs on the country’s trade relationships,” according to Ars Technica. The group behind it “went dark” in 2012, then returned with an updated piece of malware aimed directly at Kaspersky.
Why call it a 0-day trampoline?
This Tuesday Microsoft sent out a patch for all Windows machines for the vulnerability designated CVE-2015-2360. The patch fixes a flaw in Windows that allowed the Duqu malware to jump from one computer to the next over the same wireless network.
Basically, the entire clump of malware lives only in the memory of compromised servers or user computers, so it can be wiped out by a restart.
But once that computer is restarted and re-connected to a network in which other computers are still infected, it becomes infected all over again.
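The reinfection loop described above is worth seeing as a cleanup problem: rebooting hosts one by one while they stay on the network achieves nothing, because any host still carrying the in-memory payload reinfects the freshly restarted one. The following is an added toy model written for this post, not code from the article or from Kaspersky’s report; the host names, the propagation rule and the three cleanup strategies are all constructed assumptions, and a “patched” host here simply means the lateral-movement flaw has been closed.

```python
"""Toy model of a memory-resident worm that a reboot wipes but that re-spreads
over a shared network from hosts that are still infected.

Constructed example: hosts, rules and strategies are made up for illustration
and are not derived from Kaspersky's analysis of Duqu 2.0.
"""

from dataclasses import dataclass
from typing import List


@dataclass
class Host:
    name: str
    infected: bool = False
    connected: bool = True   # attached to the shared network
    patched: bool = False    # lateral-movement vulnerability closed (assumed)


def reboot(host: Host) -> None:
    """The payload lives only in memory, so a restart clears it."""
    host.infected = False


def spread(hosts: List[Host]) -> None:
    """One propagation round: if any connected host is infected, every
    connected, unpatched host becomes infected (constructed rule)."""
    connected = [h for h in hosts if h.connected]
    if any(h.infected for h in connected):
        for h in connected:
            if not h.patched:
                h.infected = True


def infected_names(hosts: List[Host]) -> List[str]:
    """Sorted names of the hosts that still carry the payload."""
    return sorted(h.name for h in hosts if h.infected)


def make_fleet() -> List[Host]:
    """Constructed sample fleet: three hosts, all infected, one network."""
    return [
        Host("ws-01", infected=True),
        Host("ws-02", infected=True),
        Host("srv-01", infected=True),
    ]


def reboot_one_at_a_time(hosts: List[Host]) -> List[str]:
    """Naive cleanup: reboot each host while it stays on the network.
    The remaining infected hosts re-infect it straight away."""
    for h in hosts:
        reboot(h)
        spread(hosts)
    return infected_names(hosts)


def isolate_then_reboot(hosts: List[Host]) -> List[str]:
    """Coordinated cleanup: take every host off the network, reboot them all,
    then reconnect. Nothing is left to seed a re-infection."""
    for h in hosts:
        h.connected = False
    for h in hosts:
        reboot(h)
    for h in hosts:
        h.connected = True
    spread(hosts)
    return infected_names(hosts)


def patch_then_reboot(hosts: List[Host]) -> List[str]:
    """Patch the lateral-movement flaw before each reboot; a patched host is
    not re-infected even while its neighbours still carry the payload."""
    for h in hosts:
        h.patched = True
        reboot(h)
        spread(hosts)
    return infected_names(hosts)


if __name__ == "__main__":
    print("reboot one at a time :", reboot_one_at_a_time(make_fleet()))
    print("isolate, then reboot :", isolate_then_reboot(make_fleet()))
    print("patch, then reboot   :", patch_then_reboot(make_fleet()))
```

The point the model makes is that the memory-only design is not a weakness for an attacker as long as the network still holds one infected peer: remediation has to be either simultaneous (isolate everything, then restart) or preceded by closing the hole the worm uses to hop between machines, which is what Tuesday’s patch does.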
For more information, check out Ars Technica’s in-depth report.