According to an alert report, the new threat designated ‘Duqu’ has parts nearly identical to Stuxnet, but with a completely different purpose. “Duqu is essentially the precursor to a future Stuxnet-like attack,” Symantec's report stated, adding “The threat was written by the same authors (or those that have access to the source code) and appears to have been created since the last file was recovered. Symantec assesses this code could have been in action since December 2010.” The threat’s executable file was signed with a private key that was stolen from a customer that acquired it legally from Symantec, the company stated.
Unlike Stuxnet, which was seemingly designed for a specific attack mission (allegedly, the Iranian centrifuges), Duqu’s purpose is to gather specific intelligence data and assets from specific organizations, such as system manufacturers: information that will assist its designers in tailoring specific cyber weapons for future attacks.
As a silent spy, Duqu does not contain any ‘warhead’ (code meant to affect systems), as its primary mission as a Remote Access Trojan (RAT) is to access the system of interest, record information and transmit it back to the control entity. Furthermore, this threat does not self-replicate in the targeted system. To carry out this mission, Duqu installs an ‘infostealer’ that records keystrokes and gathers other system information. Gathered information is encrypted and packed in a file that looks like an image, which has to be exfiltrated from the compromised system via an internet connection. Duqu has a life span of 36 days and, when that expires, it automatically removes itself from the system.