Duqu, Son of Stuxnet

by Andy on October 20th, 2011 in Security Alert.

An apparently modified version of the well-publicised Stuxnet worm has been discovered on a number of corporate computer systems in Europe. Analysis suggests that the malware, named Duqu (pronounced dyü-kyü), appears to be based on the Stuxnet source code, giving rise to the possibility  that Duqu may have been developed either by the Stuxnet authors or by developers who have had access to the source code.


As the malware landscape evolves, it's helpful to understand how malware gets onto your machine. Knowing the bad guys' strategies gives you the edge while on-line and puts you in a stronger position to defend your data and PC against compromising threats.

We all know that we should install anti-malware software, keep it up to date and run regular scans, apply Windows and application security patches when they become available, use a firewall... well, I won't bore you - you know what to do. But what kind of attacks can we expect and where are they coming from?


Developing malware from scratch is a highly complex task that requires considerable skill and effort. In recent years, crimeware toolkits have taken the heavy lifting out of creating malware. Toolkits, such as MPack, Neospoit and Zeus, can be found for sale on underground hacking forums, lowering the skills barrier for would-be criminals. For a fee and with little effort, hackers can generate their own malware that can be used for stealing credit card details, passwords and other sensitive information.


Microsoft have published a Security Bulletin Summary for October 2011. Eight updates have been released including two "critical" and six "important" severity updates.

The patches address remote code execution, elevation of privilege and denial of service vulnerabilities within Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Silverlight, Microsoft Forefront United Access Gateway and Microsoft Host Integration Server.


Virus Bulletin 2011

by Andy on October 11th, 2011 in Industry and Security News.

Lavasoft attended the 21st Virus Bulletin conference in Barcelona from 5-7 October.

Virus Bulletin is a leading security industry publication who's annual conference presents the latest research, defensive procedures and the chance to discuss future developments and countermeasures. It also provides an opportunity for experts in the anti-malware arena to share their research interests, discuss technologies, as well as meet with - and learn from - those who put their technologies into practice in the real world.