APT (Targeted attacks)

APT reports

The Mystery of Duqu: Part Three

First things first, I have to point out a mistake in the previous text. When analyzing the fourth incident in Iran, we stated that there were two network attacks on a victim machine from the IP address 63.87.255.149. It could have been an exclusive version of Duqu, but it turned out to be a big mistake.

APT reports

The Mystery of Duqu: Part One

First of all, we feel it necessary to clarify some of the confusion surrounding the files and their names related to this incident. To get a full understanding of the situation you only need to know that we’re talking about just two malicious programs here (at a minimum) – the main module and a keylogger.

APT reports

Myrtus and Guava, Episode MS10-061

Over the past few weeks the AV industry has continued to focus its research efforts on the Stuxnet worm. We blogged about what we found while we were investigating the malware; our Stuxnet series may have come to an end, but that doesn’t mean we’ve stopped our research.

Incidents

Myrtus and Guava, Episode 5

So far in our series about Stuxnet we’ve focused on the main issue: the threat posed by the zero-day vulnerability in the processing of LNK files, and the fact that cybercriminals have somehow got their hands on digital certificates. What we haven’t done in any detail is look at the worm’s functionality.

APT reports

Myrtus and Guava, Episode 3

The geographical distribution of Stuxnet infections is just as interesting as the Trojan itself. We detect the rootkit component (the signed drivers) as Rootkit.Win32.Stuxnet, and the other files as Trojan-Dropper.Win32.Stuxnet.
