Kaspersky Lab has revealed a few more technical details about the malware used in the recent intrusion into its systems, which the company has christened "Duqu 2.0." The report includes a worrisome detail: a 64-bit Windows driver used by the malware platform is digitally signed by none other than Foxconn Technology Group, one of the world's largest electronics manufacturers. You might know some of their clients, like Apple, Microsoft, and Google.
The valid digital signature makes the driver in question appear perfectly legitimate from the OS's perspective, and is one of the reasons why Duqu 2.0 doesn't leave any obvious trace in infected systems. The same tactic was used in the Stuxnet intrusions in 2011, albeit with stolen Realtek and JMicron digital certificates.
Kaspersky states it hasn't seen any other malware using the stolen certificates, so it rules out the possibility that they have been leaked to other cracking groups. The company also believes that the uniqueness of these certificates means that they were stolen directly from manufacturers' networks. The group responsible for Duqu 2.0 and Stuxnet has yet to use the same digital certificate twice, which could mean that it has more stolen certificates ready for use. If that's the case, it could undermine trust in digital certificates as a whole.