Duku

By SpideyMan in Malware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 1
First Seen: November 28, 2011
Last Seen: November 15, 2020
OS(es) Affected: Windows

Duku (more commonly spelled Duqu) is a Trojan that receives its orders from a command-and-control server at an IP address located in India. Security analysts have since blocked that address, but what caught their attention is this threat's strong resemblance to Stuxnet. According to ESG security researchers, this is cause for worry, because Stuxnet is one of the most dangerous malware families of this decade. Duku does, however, lack the self-propagating worm component and the sabotage payload that let Stuxnet attack industrial control equipment; it is built to collect information from the machines it reaches rather than to spread on its own.

Duku is a Remote Access Trojan (RAT): malware designed to give a remote operator control of the infected computer. From afar, the attacker can run commands, delete files, and steal information. Many RATs are used to enrol large numbers of infected machines in a botnet, with a controller issuing orders over a channel such as IRC so that the machines can be used for coordinated attacks. Duku, by contrast, reports to a single command-and-control address and has been observed on only a handful of specifically targeted systems, which points to espionage rather than mass-scale botnet building.
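Blocking the controller's IP address, as the analysts did, is only useful if you can also tell which internal hosts were talking to it. The following is an added example (not code from the original article or from ESG) that scans constructed firewall log lines for outbound connections to a blocklisted command-and-control address and, separately, for hosts that check in with any destination at near-constant intervals, the scheduled beaconing typical of a RAT waiting for orders. The address 203.0.113.10, the log format, and the sample lines are all constructed for illustration and are not real Duku indicators.

```python
"""Added example: find hosts that contacted a known C2 address, and hosts
whose outbound connections to one destination recur at a fixed interval.
Log format, C2 address and sample lines are constructed, not real indicators."""
import re
from collections import defaultdict
from datetime import datetime

# Assumed blocklist. 203.0.113.10 is a documentation (TEST-NET-3) address
# standing in for a real C2 IP; it is not a Duku indicator.
KNOWN_C2 = {"203.0.113.10"}

# Assumed log line shape: "<date> <time> ALLOW TCP <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) ALLOW TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample: 10.0.0.5 checks in with the C2 every 30 minutes;
# 10.0.0.7 makes two ordinary HTTPS connections to an unrelated host.
SAMPLE_LOG = """\
2011-11-28 09:00:00 ALLOW TCP 10.0.0.5:49152 -> 203.0.113.10:80
2011-11-28 09:00:03 ALLOW TCP 10.0.0.7:49200 -> 198.51.100.20:443
2011-11-28 09:30:00 ALLOW TCP 10.0.0.5:49153 -> 203.0.113.10:80
2011-11-28 10:00:00 ALLOW TCP 10.0.0.5:49154 -> 203.0.113.10:80
2011-11-28 10:01:10 ALLOW TCP 10.0.0.7:49201 -> 198.51.100.20:443
"""


def parse(log_text):
    """Yield (timestamp, src, dst, dport) for every line that matches LOG_RE;
    lines in any other format are skipped rather than crashing the scan."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        yield ts, m["src"], m["dst"], int(m["dport"])


def c2_hits(log_text, blocklist=KNOWN_C2):
    """Map each internal host that reached a blocklisted address to its
    connection count. These hosts need containment, not just a firewall rule."""
    hits = defaultdict(int)
    for _, src, dst, _ in parse(log_text):
        if dst in blocklist:
            hits[src] += 1
    return dict(hits)


def beaconing(log_text, min_events=3, tolerance=0.1):
    """Map (src, dst) pairs whose inter-connection gaps all lie within
    `tolerance` of their mean to that mean interval in seconds. This catches
    a scheduled check-in even when the C2 address is not yet on a blocklist."""
    times = defaultdict(list)
    for ts, src, dst, _ in parse(log_text):
        times[(src, dst)].append(ts)
    result = {}
    for pair, ts_list in times.items():
        if len(ts_list) < min_events:
            continue  # too few events to call anything periodic
        ts_list.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts_list, ts_list[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and max(abs(g - mean) for g in gaps) <= tolerance * mean:
            result[pair] = mean
    return result


if __name__ == "__main__":
    print("C2 contacts:", c2_hits(SAMPLE_LOG))
    print("Periodic check-ins:", beaconing(SAMPLE_LOG))
```

Run it against real exports by replacing SAMPLE_LOG with the contents of a firewall or proxy log and adjusting LOG_RE to that product's line format. The beaconing check is deliberately strict (every gap within 10 % of the mean); widen the tolerance or add jitter handling for implants that randomize their sleep interval.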

ESG security researchers consider it likely that Duku was created by the authors of Stuxnet or by people with access to Stuxnet's source code. Duku nonetheless lacks many of the capabilities that made Stuxnet such a vicious threat. At the time of writing, malware analysts had not identified the Dropper Trojan associated with Duku, that is, the component that delivers and installs it. As with most malware that operates in a similar way, a Duku infection can usually be traced to a phishing email, an infected removable drive, or a shared file on the victim's network.

According to ESG security researchers, the Duku RAT has been used against specific European organizations and may be of Russian origin, although attribution of this kind is uncertain; the Russian Federation has hosted some of the largest botnets and most active cybercrime groups in the world, which makes it a plausible but unproven source. A RAT can be put to many uses, such as sending spam or launching DDoS attacks against chosen targets, but Duku's operators have mainly used it to steal information. Stuxnet was a worm that spread through USB drives and local networks and targeted Siemens industrial control software, so Duku's victims may have a similar connection to industrial equipment and the companies that supply it. Because common defenses now blunt the older infection routes (for example, disabling AutoRun for removable drives stops a worm from launching automatically when a USB stick is plugged in), Duku most likely spreads through deceptive methods that rely on human error, such as phishing emails carrying a malicious attachment.
