Added January 4 (time for an update!):
Four Takeaways from the Stuxnet-Duqu Connection -
DarkReading - posted 1/2/12 [four points worth noting in
protecting ICS/SCADA/DCS systems as well!]
Kaspersky Lab Experts: Duqu and Stuxnet Not the Only
Malicious Programs Created by the Responsible Team -
Kaspersky - posted
12/29/11 [describes the "Tilded" platform and how it was
possibly used in both sets of malware, plus three "unknown"
pieces of malware yet to be discovered.]
The Mystery of Duqu: Part Seven: The Evolution of Drivers -
SecureList/Kaspersky Expert - posted
12/28/11 [blog entry by Alexander Gostev (Chief Security
Expert) discusses his findings that "the platform used to
create Duqu and Stuxnet is the same".]
The Mystery of Duqu: Part Six - SecureList/Kaspersky
Expert - posted 11/30/11 [this entry looks at the C&C
infrastructure used by Duqu, stating more than a dozen C&C
servers estimated active]
Duqu Analysis Shows ICS-SCADA Networks Vulnerability -
InfoSec Island - posted 12/15/11 [summarizes ENISA report on
Duqu, available here]
Microsoft fixes Duqu Hole - CNet - posted 12/13/11
[Elinor Mills summarizes this month's MS update, and provides
an informative graph on security bulletin severity over the
period 2004-2011]
Beyond Stuxnet and Duqu: Security Implications to Our
Infrastructure - Symantec - posted 12/12/11 [excellent
report that ties in ICS/SCADA/DCS security to threats like
Duqu]
Attackers Clean Out Duqu Servers - ISSSource - posted
12/5/11 [hackers behind Duqu have shut down their snooping
operation, and removed all of the 12 known C&C servers]
Added November 24:
How the Duqu Authors May Have Erred - Threat Post [looks
at likely scenario that Stuxnet and Duqu were created by the
same team, their targets, and some potential errors they may
have made]
Anatomy of the Duqu Attacks - Threat Post [first in a
two-part series with Costin Raiu from Kaspersky]
Cyber attacks on critical infrastructure reach U.S. -
Homeland Security Newswire [questionable sources, implies
Israel for both Stuxnet and Duqu and attributes missile
explosion in Iran to Duqu]
Israel's Secret Attack Plan: Electronic Warfare - Daily
Beast [vulnerability of Iran grid and susceptibility to
Stuxnet-like attack]
Kaspersky Press Release Page for Duqu - Kaspersky [very
good site of reference links to their posts, podcasts,
media, etc.]
Added November 15:
The Mystery of Duqu: Part Five - SecureList/Kaspersky Expert [more
new analysis, including look at the payload]
Security researcher says Iran to blame for its own Duqu
infections - ComputerWorld [Iran not sharing samples of
malware hinders response efforts]
Iran Admits Nuclear Sites Hit by 'Duqu' Cyberweapon -
FoxNews [Iran admits Duqu hits nuclear sites]
Added November 13:
Iran says has detected Duqu computer virus - Reuters [Iran
fighting Duqu with success]
Ramping up U.S. Cybersecurity - Politico [Janet
Napolitano talks about what DHS is doing to help protect
U.S. from cyber-villains]
Added November 11:
The Duqu Saga Continues: Enter Mr. B Jason and TV's -
SecureList/Kaspersky Expert [more on similarities with
"Stars" (remember the galaxy JPG in Duqu!) and new detailed
analysis of Penetration and Collecting Info]
Added November 10:
Part Two: Duqu: father, son, or unholy ghost of Stuxnet? - SC Magazine [analysis by
USAF Cyberspace Officers] Contributed by @RobertMLee
Duqu and Rumors of War - ISSSource [implies Obama had
knowledge of Duqu and its applicability in Libya]
Open-Source Toolkit Tracks Down Duqu Infections - IDG
News reported by PC World [new toolkit by CrySyS]
Added November 9:
Duqu spawned by 'well-funded team of competent coders' -
UK Register [look at team of developers and steganographic
techniques]
ICS-CERT Updates Duqu and Adds CitectSCADA Advisory -
Chemical Facility News ["Stars" is missing from US-CERT
report]
Live Hacking [another reference tag with links to
related Duqu posts]
Added November 7:
Duqu and Stars: Proceed with Caution - Robert M. Lee via
InfoSec Island [raises doubt about Duqu similarities with
Stars]
Cyber-Espionage, Duqu Trojan Lead Week's Security News -
eWeek [brings Duqu, Nitro and other events together
regarding cyber espionage]
Duqu FAQ (Updated) - SecureList/Kaspersky Expert [faqs]
India shuts server linked to Duqu computer virus
(updated) - Reuters [tracks C&C server lease to client in
Milan, Italy]
Added November 6:
Microsoft Sloppy on Duqu Workaround - ComputerWorld
[must read before implementing MS workarounds]
Product Watch: New Free Duqu Scanner Released - Dark
Reading [NSS Labs detection/removal tool]
Added November 5:
Duqu First Spotted as 'Stars' Malware in Iran - SecureList/Kaspersky Expert
[similar to "Stars", created to spy on Iran]
Duqu: father, son, or unholy ghost of Stuxnet? - SC Magazine [analysis by
USAF Cyberspace Officers] Contributed by @RobertMLee
Added November 3:
Microsoft Releases Workaround for Kernel Flaw used by Duqu - ThreatPost
[includes advisory and fixit tool]
Microsoft releases Security Advisory 2639658 - Microsoft TechNet Blogs
The Mystery of Duqu: Part Three - SecureList/Kaspersky Expert [corrections,
notes on dropper, theory of author]
Previous Posts:
What is Duqu up to? - Dark Reading [searching for answers]
Duqu Malware: Still No Patch - Information Week [Stuxnet-like SMB infection
mechanism]
Windows kernel 'zero-day' found in Duqu attack - ZD Net [MS Security
Response acknowledges 0-day]
Duqu: Status Updates Including Installer with Zero-Day Exploit Found -
Symantec [diagram of dropper and infection map]
Duqu Installer Contains Windows Kernel Zero Day - Threat Post [dropper only
works for 8 days in August]
Spotted in Iran, trojan Duqu may not be "son of Stuxnet" after all - Ars
Technica [believes not related to Stuxnet]
New Analysis Questions Origin of Duqu Trojan - ThreatPost [intro to Dell
report, other adds]
Win32/Duqu: It's A Date - ESET [offers insight and tools into config
decryption]
Duqu registers no alarm for Siemens, infection hits Indonesia - Jakarta Post
[target identification]
Duqu: Another Reason to Invest in Cyber Security - InvestmentU [target
identification]
The Mystery of Duqu: Part Two - SecureList/Kaspersky Expert [read
conclusion! new target info & drivers]
Duqu Updated Targeting Information - Symantec [insight into intended
targets]
W32.Duqu: The Precursor to the Next Stuxnet - Symantec
Why Does Duqu Matter? - EmptyWheel [more details on target identification]
Duqu Status Update #1 - Symantec [initial researcher name disclosed]
The Mystery of Duqu: Part One - SecureList/Kaspersky Expert [details on both
Stuxnet & Duqu]
What is the "adpu321.sys" - System Explorer [details of adpu321.sys]
Does Anyone Want Sourcecode to Stuxnet? - SCADAhacker [references to useable
code]
Duqu, Son of Stuxnet, Destroyer of Worlds! - eEye chief
researcher Marc Maiffret [discredits similarities with
Stuxnet]
Duqu FAQ - SecureList/Kaspersky Expert [faqs]
Duqu: Not the Son of Stuxnet, but the Vanguard of a New Generation? -
Malware City [questions similarity to Stuxnet]
Son of Stuxnet Found in the Wild on Systems in Europe - Threat Level/Wired
[one of early breaking stories]
The Day of the Golden Jackal – The Next Tale in the Stuxnet
Files: Duqu Updated - McAfee [early analysis]
Virus Experts Warn of Stuxnet Variant "Duqu" - ThreatPost [early release]
Evidence of Infected SCADA Systems Washes up in Support Forums - ThreatPost