ICS-CERT Alert: ICS-ALERT-11-291-01A: W32.Duqu-Malware Targeting ICS Manufacturers (UPDATE)   [open pdf - 98KB]

"On October 18, 2011, Symantec released a Security Response Report describing W32.Duqu, an information-gathering threat targeting specific organizations, including industrial control systems (ICSs) manufacturers. According to Symantec, W32.Duqu does not contain any code related to ICSs and is primarily a remote access Trojan (RAT). Symantec reports that the original sample of W32.Duqu was gathered from a research organization based in Europe and that additional variants have been recovered from a second organization in Europe. According to Symantec, the attackers are looking for information, such as design documents, that could potentially be used in a future attack on an industrial control facility. This threat is highly targeted toward a limited number of organizations, apparently to exfiltrate data concerning their specific assets; the propagation method is not yet known. Symantec indicates that W32.Duqu is not self-replicating. Symantec reports that other attacks could be ongoing using undetected variants of W32.Duqu. Symantec states that they are continuing to analyze additional variants of W32.Duqu."

Report Number:
ICS-CERT Alert, ICS-ALERT-11-291-01A
Public Domain
Retrieved From:
United States Computer Emergency Readiness Team: http://www.us-cert.gov/
Media Type:
Help with citations