Next Article in Journal
Three Steps to Heaven: Semantic Publishing in a Real World Workflow
Previous Article in Journal
Social Media and Experiential Ambivalence
Previous Article in Special Issue
Stuxnet: What Has Changed?

The Cousins of Stuxnet: Duqu, Flame, and Gauss

Laboratory of Cryptography and System Security (CrySyS Lab), Department of Telecommunications, Budapest University of Technology and Economics, Magyar tuósok krt 2, 1521 Budapest, Hungary
Information Systems Research Group, Budapest University of Technology andEconomics, Magyar tudósok krt 2, 1117 Budapest, Hungary
Author to whom correspondence should be addressed.
Future Internet 2012, 4(4), 971-1003;
Received: 18 September 2012 / Revised: 17 October 2012 / Accepted: 31 October 2012 / Published: 6 November 2012
(This article belongs to the Special Issue Aftermath of Stuxnet)
Stuxnet was the first targeted malware that received worldwide attention forcausing physical damage in an industrial infrastructure seemingly isolated from the onlineworld. Stuxnet was a powerful targeted cyber-attack, and soon other malware samples were discovered that belong to this family. In this paper, we will first present our analysis of Duqu, an information-collecting malware sharing striking similarities with Stuxnet. Wedescribe our contributions in the investigation ranging from the original detection of Duquvia finding the dropper file to the design of a Duqu detector toolkit. We then continue with the analysis of the Flame advanced information-gathering malware. Flame is unique in thesense that it used advanced cryptographic techniques to masquerade as a legitimate proxyfor the Windows Update service. We also present the newest member of the family, called Gauss, whose unique feature is that one of its modules is encrypted such that it can onlybe decrypted on its target system; hence, the research community has not yet been able to analyze this module. For this particular malware, we designed a Gauss detector serviceand we are currently collecting intelligence information to be able to break its very specialencryption mechanism. Besides explaining the operation of these pieces of malware, wealso examine if and how they could have been detected by vigilant system administrators manually or in a semi-automated manner using available tools. Finally, we discuss lessonsthat the community can learn from these incidents. We focus on technical issues, and avoidspeculations on the origin of these threats and other geopolitical questions. View Full-Text
Keywords: targeted attacks; Advanced Persistent Threat (APT); cyber espionage; cyber weapons targeted attacks; Advanced Persistent Threat (APT); cyber espionage; cyber weapons
MDPI and ACS Style

Bencsáth, B.; Pék, G.; Buttyán, L.; Félegyházi, M. The Cousins of Stuxnet: Duqu, Flame, and Gauss. Future Internet 2012, 4, 971-1003.

AMA Style

Bencsáth B, Pék G, Buttyán L, Félegyházi M. The Cousins of Stuxnet: Duqu, Flame, and Gauss. Future Internet. 2012; 4(4):971-1003.

Chicago/Turabian Style

Bencsáth, Boldizsár, Gábor Pék, Levente Buttyán, and Márk Félegyházi. 2012. "The Cousins of Stuxnet: Duqu, Flame, and Gauss" Future Internet 4, no. 4: 971-1003.

Find Other Styles

Article Access Map by Country/Region

Only visits after 24 November 2015 are recorded.
Back to TopTop