Duqu: Another “most advanced” piece of malware

Rootkit.Duqu.A is the current star in the world of malware but, as history shows, that fame will be short-lived. Just like fashion models, modern malware has a lifespan in the media eye of a couple of weeks to a couple of months, tops. They then fade into the shadow of more dangerous and sophisticated tools, according to Bitdefender.

Before Duqu, a multitude of e-threats claimed the award for the most innovative, most dangerous or most pervasive piece of malware in the wild. It is a game that malware creators have played with victims – the computer users – or with their arch-enemies – the AV industry – since computers were too large to fit in a regular room and were anything but “personal.”

Without a doubt, 2010 was known for the emergence of Stuxnet, the first piece of malware specifically designed to sabotage nuclear power plants. It can be regarded as the first advanced tool of cyber-warfare.

However, sophisticated malware has also been put to more “civilian” use. Back in 2008, social networking users befriended Trojan.Koobface, a piece of malware that used to spread via social platforms such as Facebook, Twitter and Hi5. Once infected, users would serve as both vectors of infection for other social network contacts and as human robots to solve CAPTCHA challenges for cyber-criminals, among other things.

If you were old enough to “drive” a computer back in 2004, you probably remember the MyDoom worm, a rapidly-spreading mass-mailer worm apparently commissioned by a spam group to automate the sending of unsolicited mail via infected computers acting as relays.

1999 brought another game changer named Melissa, a mass-mailing macro virus, which managed to overload Internet mail systems to the point of shutdown. While most computer users knew they should be careful with .exe files, they were completely unaware that opening a Word document would spread the worm to their e-mail contact lists.

The early 90s marked an important milestone for the traditional antivirus industry that was relying on string signatures to statically identify malware. The emergence of Chameleon, an e-threat actually able to mutate its code after each infection in order to trick AV scanners and evade detection, signaled that it was time for the industry to switch to more advanced defense technologies such as heuristics and sandboxing.

If you thought that Rootkit.Rustock and Rootkit.TDSS were packed full with novel technologies, you’re in for a surprise. Boot sector malware has been around since 1986, when two Pakistani computer-shop owners created the Brain Boot Sector virus, a piece of harmless code that was able to camouflage its presence by tampering with the result of disk read requests.

Of course, this list could only end with the great-grandparent of the modern Trojan, the Pervading Animal game. Built on a Univac 1100/42 mainframe, the game had primitive artificial intelligence support and was complemented by a “software distribution routine” called PERVADE that would copy the game into the directories of other users of the Univac mainframe. Although the purpose was to allow other users to grab a copy of the game, this method of distribution is what we call today a “classic Trojan Horse attack”.

However, the history of malware – a term that we tend to associate with modern threats such as banker Trojans or keyloggers – is rife with incidents that allowed viruses to morph from innocent pranks into advanced military weapons.
