Information Security News mailing list archives

Open-source toolkit finds Duqu infections


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 11 Nov 2011 00:58:13 -0600 (CST)

http://www.computerworld.com/s/article/9221702/Open_source_toolkit_finds_Duqu_infections

By Jeremy Kirk
IDG News Service
November 10, 2011

The lab credited with discovering the Duqu malware has built an open-source toolkit that administrators can use to see whether their networks are infected.

The Duqu Detector Toolkit v1.01 looks for suspicious files left by Duqu, which has created a buzz in the security community given its stealthy nature and some characteristics it shares with another famous piece of malicious software, Stuxnet.

The Laboratory of Cryptography and System Security (CrySys), part of Budapest University of Technology and Economics based in Hungary, wrote in its release notes that the toolkit, which is composed of four components, looks for strange files that mark an infection.

CrySys said that the toolkit should detect a real active Duqu infection, but it is possible to get a false positive, so it cautioned that administrators will need to analyze the results.

[...]


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn

