Trojan Duqu: work scheme

[Детективное агентство ИКС-Инфо.]

Kaspersky Lab experts investigated incidents related to the spread of the Duqu Trojan and received a number of new details about the malicious program itself and about the methods and methods used by its authors to infect users.


“Comparing the data we found with the data obtained by other researchers and anti-virus companies, we found coinciding common features that reveal an approximate chronology of events and the general scheme used by the creators of Duqu,” said Alexander Gostev, Kaspersky Lab’s chief antivirus expert.

In the course of the investigation, it was possible to find out that the spread of the malware occurred through e-mail. A letter addressed to a specific recipient was accompanied by a doc file containing an exploit of the vulnerability and an installer of the Trojan. The first such mailing was carried out in April 2011.

The driver loaded by the exploit into the kernel of the system has a compilation date of August 31, 2007. This suggests that Duqu authors could work on this project for more than four years. It is worth noting that each Duqu attack was unique: the Trojan had a clearly defined victim, a unique set of files, and its activities were monitored every time from different management servers.

After the system was infected and the connection with the server was established, an additional module was downloaded and installed to collect information about the system, take screenshots, search for files, intercept passwords and a number of other functions.

To date, Kaspersky Lab experts have identified at least 12 unique Duqu file sets that are still being explored.

https://expert.com.ua/68283-troyanec-duq ... aboty.html

 

[Витаутас. Частный детектив г. Вильнюс. Литва]

Thanks, I'll keep it in mind

 

[Евгений СБ]

Do not open incomprehensible letters.

 

[НСК-СБ]

Do not open incomprehensible letters.

-------------------------------------------------- --------
I agree! Thank you Roman!

 

[Игорь Эдуардович]

Read !!! Thanks Roman.