Comment Typo (Score 1) 265
The author on Ars is Dan Goodin, not Goodwin.
The question is: What if others already used a similar method to send messages to us? How would you find that out? Has anybody tried to find out? Considering the possibility we are not alone...
http://en.wikipedia.org/wiki/Duqu
Duqu is a computer worm discovered on 1 September 2011, thought to be related to the Stuxnet worm. The Laboratory of Cryptography and System Security (CrySyS) of the Budapest University of Technology and Economics in Hungary, which discovered the threat, analyzed the malware and wrote a 60-page report, naming the threat Duqu. Duqu got its name from the prefix "~DQ" it gives to the names of files it creates.
Symantec, based on the CrySyS report, continued the analysis of the threat, which it called "nearly identical to Stuxnet, but with a completely different purpose", and published a detailed technical paper on it with a cut-down version of the original lab report as an appendix. Symantec believes that Duqu was created by the same authors as Stuxnet, or that the authors had access to the source code of Stuxnet.
More likely Duqu==Stuxnet==Stars. Same guys, different vulns, different tools. Duqu is an instance made from a lego-kit.
CrySyS Lab released a new open-source toolkit to detect Duqu traces (possibly some file left after Duqu uninstalled itself after 30-36 days) and running Duqu instances.
http://www.crysys.hu/duqudetector/
Our tool combines a heuristic and signature-based approach, e.g. it calculates entropy for
There should be some mistake or missing information in the article. E.g. cubic meter is not the same as cubic kilometer, and cubic meter does not mean cubic meter per capita...
They also use hawks here, in Hungary, EU.
The nice thing about hawks is that they don't strike.
"Been through Hell? Whaddya bring back for me?" -- A. Brilliant