The Takeaway: What's behind the Duqu 2.0 hit on Kaspersky Lab

Eugene Kaspersky has a theory about the hackers who created Duqu 2.0 and infiltrated his company's systems: it was a research mission.

Eugene Kaspersky has a theory about why the hackers who created the Duqu 2.0 malware infiltrated his company's systems: They wanted intelligence.

"I'm pretty sure they were watching," Kaspersky said during a news conference Wednesday that was webcast. "Maybe they were interested in some specific attacks we were working on. Or maybe they wanted to see if we could catch them."

The high-level malware gets its name from the four-year-old Duqu, which is itself thought to be related to the infamous Stuxnet malware. Duqu 2.0 was used to infiltrate Kaspersky Lab's systems, where it apparently remained hidden for several months before being uncovered.

At yesterday's news conference in London and in a post on Forbes.com, Kaspersky called the hackers "stupid, but greedy" and offered up his thoughts on what was behind the attack:

-- The attackers may have been seeking insight and information about Kaspersky's security technology, more specifically how the firm finds malware and decides what to analyze more fully. That intelligence would be valuable for hackers looking to craft future malware that could better escape detection.

-- The attack may have been a simple ego play, "the urge of the hunter to hang the head of a big lion on a wall," Kaspersky wrote on Forbes.com. "...If that is the case, the attackers messed up: now we know how to catch a new generation of stealthy malware developed by them."

-- Surprisingly, the hackers apparently weren't after Kaspersky's customers. The antivirus firm found no evidence that Duqu accessed customer or partner information.

In the Forbes.com post, Kaspersky called Duqu 2.0 "extremely innovative and advanced" and noted that since it lives in system RAM and avoids making changes to a hard drive, it's difficult to spot. Even so, "no matter the reasons behind this attack, the bad guys have lost a very expensive and sophisticated framework they'd been developing and nurturing for years."

With reports from Gregg Keizer at Computerworld.
