[cryptography] [OT] Reworked Version of Stuxnet Relative Duqu Found in Iran

Jeffrey Walton noloader at gmail.com
Wed Mar 28 23:39:00 EDT 2012


Hi Guys,

From "Reworked Version of Stuxnet Relative Duqu Found in Iran,"
http://www.securitynewsdaily.com/1642-stuxnet-duqu-iran.html:

    Duqu's builders also changed its encryption algorithm and
    rigged the malware loader to pose as a Microsoft driver.
    (The old driver was signed with a stolen Microsoft certificate.)

Is the stolen certificate related to Diginotar or some other incident?
Microsoft claims Diginotar-issued certificates are inert
(http://www.computerworld.com/s/article/9219729/Microsoft_Stolen_SSL_certs_can_t_be_used_to_install_malware_via_Windows_Update).

Perhaps "Stolen encryption key the source of compromised certificate
problem, Symantec says,"
http://computerworld.co.nz/news.nsf/security/stolen-encryption-key-the-source-of-compromised-certificate-problem-symantec-says?

Jeff


