Kaspersky Lab has revealed a few more technical details about the malware used in the recent intrusion into its systems, which the company has christened "Duqu 2.0." The report includes a worrisome detail: a 64-bit Windows driver used by the malware platform is digitally signed by none other than Foxconn Technology Group, one of the world's largest electronics manufacturers. You might know some of their clients, like Apple, Microsoft, and Google.
The valid digital signature makes the driver in question appear perfectly legitimate from the OS's perspective, and is one of the reasons why Duqu 2.0 doesn't leave any obvious trace in infected systems. The same tactic was used in the Stuxnet intrusions in 2011, albeit with stolen Realtek and JMicron digital certificates.
Kaspersky states it hasn't seen any other malware using the stolen certificates, so it rules out the possibility that they have been leaked to other cracking groups. The company also believes that the uniqueness of these certificates means that they were stolen directly from manufacturers' networks. The group responsible for Duqu 2.0 and Stuxnet has yet to use the same digital certificate twice, which could mean that it has more stolen certificates ready for use. If that's the case, it could undermine trust in digital certificates as a whole.