DDoS Attack Definitions - DDoSPedia

DDoSPedia is a glossary that focuses on network and application security terms, with many distributed denial-of-service (DDoS)-related definitions. It provides a central place for hard-to-find, web-scattered definitions of DDoS attacks.

Duqu

Duqu is a highly advanced computer worm, first discovered on September 1, 2011, by CrySyS Lab of the Budapest University of Technology and Economics in Hungary. It is believed to have been created by the same individuals who created the Stuxnet worm that caused Iranian nuclear turbines to malfunction in 2010. Like Stuxnet, Duqu was highly targeted (it was discovered on fewer than 50 systems worldwide), used zero-day Windows kernel vulnerabilities to install itself, and used stolen digital keys to sign its components. Unlike Stuxnet, however, Duqu was not designed to disrupt industrial SCADA systems. Instead, it gathered intelligence through keylogging, recording system information, and stealing digital certificates and their corresponding private keys. Many of the Duqu infections occurred at companies involved in manufacturing industrial control systems, so it is possible that information stolen by Duqu could serve as the basis for a future Stuxnet-like attack.

Although Duqu had the ability to propagate, it did not do so automatically, as some other computer worms have. Its operators targeted only specific machines within specific companies, using a spear-phishing email with an attached Microsoft Word document. Malicious code embedded in the document executed when a user opened it and remained dormant for a matter of minutes on the user's system before downloading and installing additional Duqu modules that provided its intelligence-gathering and communication capabilities.

One interesting aspect of Duqu's command-and-control (C&C) architecture was the use of what could potentially be a zero-day exploit affecting OpenSSH 4.3 to take control of new servers. Research on salvaged log files from Duqu C&C servers that had been wiped by Duqu's operators revealed that immediately after compromising each C&C server, the attacker would update OpenSSH from version 4.3 to the latest version at the time (5.8). Some theorize that OpenSSH was updated to remediate the vulnerability used to break into the server in the first place, so that nobody else could gain control of the compromised server. The existence of this OpenSSH vulnerability has not been proven, so many researchers believe that Duqu's operators simply brute-forced the SSH passwords of the servers they compromised. Duqu's operators also seemed to have an affinity for the Linux distribution CentOS 5.x; this could have been a coincidence, or they may have possessed an exploit affecting CentOS 5.x systems.

Furthermore, a large part of Duqu's C&C communications module was written in a programming language that researchers were initially unable to identify and that differed significantly from the language used for the other Duqu modules. Duqu's "Mystery Language" was finally identified after the research effort was crowd-sourced. Researchers, with the help of various individuals, concluded that the "Mystery Language" was a special variant of the C programming language called OO C (Object-Oriented C) with custom extensions, compiled with the Microsoft Visual Studio compiler. This unusual choice of OO C over a more mainstream language such as C++ for parts of Duqu is yet another hint that the individuals who developed Duqu (and Stuxnet) are highly skilled, well funded, and probably backed by a nation-state.

© Radware Ltd. 2019 All Rights Reserved