Son of Stuxnet / Duqu Virus

Wondered if CIS can block this new threat, Son of Stuxnet / Duqu Virus, and any versions that may come, or possibly even remove it via CCE or KillSwitch.

Will they work for industrial control systems?

http://redtape.msnbc.msn.com/_news/2011/10/18/8384786-son-of-stuxnet-virus-could-be-used-to-attack-critical-computers-worldwide

What caught my attention was this

“It is highly likely that this key, just like the previous two, known cases, was not really stolen from the actual companies, but instead directly generated in the name of such companies at a CA as part of a direct attack,” the blog entry said.

UncleDoug

Melih

Inside the article was this:

"It is highly likely that this key, just like the previous two, known cases, was not really stolen from the actual companies, but instead directly generated in the name of such companies at a CA as part of a direct attack," the blog entry said.

And inside the blog was this:

"Here is an example of the certificate that seemingly belongs to C-Media:

Since the discovery of this malware, the certificate above has been revoked by VeriSign as we can see in the image below:"

Sorry Melih, for some reason I cannot copy the two images.

You might make a comment about the need for security for industrial controllers.

UncleDoug

Took Symantec 44 days to revoke the cert?
They had the file on 1st Sept… but revoked on 14th Oct :(