Stuxnet: The Revenge of Malware: How the Discovery of Malware from the Stuxnet Family Led to the U.S. Government Ban of Kaspersky Lab Anti-Virus Software by Roman Poroshyn

172 pages
Jan 2019
Hardcover
Computers & Internet
Duqu, the infamous malware from the Stuxnet family, made its return. First discovered in October 2011, Duqu was actively spying on a digital certificate issuing authority in Hungary. As soon as it was exposed, the malware was abandoned by its originators. Information security companies added it to a "blacklist" database of anti-virus software. After that initial discovery, Duqu had been out of the spotlight for almost four years, until one of the biggest names in cyber-security, Kaspersky Lab, announced that it had detected the presence of the Duqu malware.

On June 10, 2015, Kaspersky Lab issued a press release with an intriguing headline, which began with the words "Duqu is back". The press release acknowledged that Kaspersky Lab's corporate network had been attacked by new malware, loaded with three zero-day vulnerabilities. Kaspersky Lab's detailed analysis of the malware revealed similarities between the newest malware and the infamous member of the Stuxnet family, Duqu. The malware infected one of the computers in the Asia-Pacific regional office of Kaspersky Lab. Then it granted itself the rights of the domain administrator, including access to Microsoft Software Installer (MSI). Using the MSI, the malware installed itself on other networked computers, slowly but surely making its way from Asia to Kaspersky Lab's headquarters in Moscow, Russia.

That discovery had big implications not only for the ways anti-virus software detects intrusions but also for Kaspersky Lab itself. Usually malware, after being detected, has no means of fighting back. That was not the case with Duqu. Two years after its exposure, the Duqu malware had its revenge. In 2017, the USA, UK, and some other European countries issued a ban on the use of Kaspersky Lab computer security software on their government and military computers. Their decision was based on information presented to them by the originators of the Duqu malware, which had been quietly stealing data from inside Kaspersky Lab's corporate computer network. In an unbelievable turn of events, the detection of malware by one of the most recognizable names in the information security industry led to the removal of Kaspersky Lab's anti-virus software from computers that by association require the most protection, because they keep top secrets and are constantly targeted by adversaries. To better understand how it could have happened, we need to explore the story of the Duqu malware, the only malware that had its revenge.