ICS-ALERT-11-291-01B: W32.Duqu-Malware Targeting ICS Manufacturers (UPDATE)   [open pdf - 102KB]

"This updated Alert is a follow-up to the original Alert titled "ICS-ALERT-11-291-01A - W32 Duqu-malware targeting ICS Manufacturers" that was published October 20, 2011 on the ICS-CERT [Industrial Control Systems Cyber Emergency Response Team] web. [...] ICS-CERT, in close coordination with Symantec and the original researchers, has determined after additional analysis that neither industrial control systems nor vendors/manufacturers were targeted by Duqu. In addition, as of October 21, 2011, there have been very few infections and there is no evidence based on current code analysis that Duqu presents a specific threat to industrial control systems. However, organizations should still remain vigilant against this and other sophisticated malware. ICS-CERT also recommends that the ICS community update intrusion prevention systems (IPSs) and antivirus systems to detect Duqu and other new threats. ICS-CERT will continue to analyze the malware, monitor the threat landscape, and report additional information as appropriate. ICS-CERT will also continue coordination with Symantec, McAfee, the international community, and ICS Stakeholders."

Report Number:
Industrial Control Systems Cyber Emergency Response Team, ICS-ALERT-11-291-01B
Public Domain
Retrieved From:
United States Computer Emergency Readiness Team: http://www.us-cert.gov/
Media Type:
Help with citations