CrySyS tool IDs new Duqu variant

Powered by SC Magazine
 

'Son-of-Stuxnet' ducks, fails, anti-virus check.

CrySyS Lab has updated its Duqu malware detection tool to identify a new variant of the Stuxnet-like trojan, detected this week.

The Duqu malware was sophisticated and dangerous, but not prolific. It had created backdoors in a limited number of industrial systems in Iran, India and some European countries.

But on Tuesday, Symantec researchers said they received a variant of the Windows-based malware that had been tweaked to avoid anti-virus detection.

Researchers passed on the Duqu loader file to the Budapest-based CrySyS (Laboratory of Cryptography and System Security) Lab. It used the file to update its free Duqu detection tool

The loader file was used to execute the encrypted Duqu malware once an infected machine restarted. 

Credit: Symantec
  

Symantec researchers said the Duqu variant was compiled on 23 February and was tweaked "just enough" to evade anti-virus checks, though the effort was only "partially successful".

The driver file, previously signed with a stolen certificate, was now made to resemble a Microsoft driver they said.

Last week, continued research by Kaspersky and the information security community identified a component of Duqu that was written in a previously alien code.

Input from the community led researchers to confirm the Duqu Framework was compiled with a slightly modified creation of customer object-oriented extension to C.

Work on identifying the creators of Duqu and its command and control servers continues.

Copyright © SC Magazine, Australia


CrySyS tool IDs new Duqu variant
 
 
 
Top Stories
First look: Microsoft Outlook for iOS
[Update] Office productivity suite for iOS completed with Outlook.
 
NewSat defaults on $26m in overdue Lockheed payments
Jabiru-1 satellite build hits further hurdles.
 
IBM denies plans to cut 112k jobs
But admits to further restructuring.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  36%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3112

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 994

Vote