Duqu Virus Precursor of More Attacks, Cyber Security Expert Warns

CCNY Electrical Engineering Professor Tarek Saadawi Likens to Reconnaissance Plane on Spy Mission

Although Duqu so far seems to have affected only a small number of cyber systems, it is likely a precursor to more harmful attacks to come, warns cyber security expert Dr. Tarek Saadawi, professor of electrical engineering at The City College of New York’s Grove School of Engineering.

Professor Saadawi likens Duqu to a reconnaissance plane on a spying mission to prepare for a bombing raid. “Duqu’s main goal is information gathering and surveillance of specific cyber systems,” he says. “It attacks servers and systems to collect information on the details of the targeted infrastructure. This collected information allows the attacker to fine-tune its future attack.”

Because of Duqu’s sophistication, many, but not all, cyber security experts believe it may be an extension or offshoot of the Stuxnet virus code. Stuxnet, which targets industrial control systems, was used in a cyber attack on a nuclear processing facility in Iran that may have been developing materials for weapons.

Although the point is subject to debate, Duqu appears to be an evolution of one of the modules of the Stuxnet virus code, he notes. That modular design allows parts of Stuxnet to be repurposed for other ends.

“With the main purpose being as a collector of information, (Duqu) monitors keyboard strokes to be able to capture the access passwords to various systems,” Professor Saadawi says. Duqu also shows other forms of sophistication, notably its main Trojan module, which consists of a kernel driver, an injected DLL (dynamic link library) and a configuration file.

While software companies and system administrators continue to work on protections against Duqu and workarounds for systems infected by the virus, Professor Saadawi says research and development efforts should focus on closing all cyber system security weaknesses. He adds that, to protect their personal computers and home networks, individuals should:

• Always update anti-virus programs.
• Conduct periodic Windows updates, preferably automatically.
• Update application software, since vendors continue to build in more secure features.
• Close Internet browsers when not in use so they do not degrade the performance of security software.
• Shut down computers at night.

Note to Reporters:

More information about Professor Saadawi can be found at http://tinyurl.com/saadawiccny. To speak with him, please contact Ellis Simon, Director of Public Relations, The City College of New York, 212-650-6460, esimon@ccny.cuny.edu.
