InformationWeek of November 11, 2011 reports that the Duqu Detector Toolkit has been developed by CrySys Lab of the Budapest University of Technology and Economics.
The toolkit is designed to detect even dormant infections. The malware, used in highly targeted attacks, is related to Stuxnet and uses a dropper file (installer) to infect computers. The installer is a malicious Word document (.doc file).
Duqu malware was designed for industrial espionage, and is similar to Stuxnet.
Detection techniques include signature-based and heuristics-based scanning to find 'traces of infections' and detect suspicious files.
Duqu exploits a zero-day vulnerability, a font-parsing flaw in the TrueType engine in 32-bit Windows versions. Microsoft has issued a security alert and is yet to issue a patch.
http://support.microsoft.com/kb/2639658
Further details of the toolkit at:
http://www.crysys.hu/duqudetector.html
http://www.crysys.hu/duqudetector-files/files/manual-v1_02.txt
http://www.informationweek.com/news/security/management/231902866
-Joseph Ponnoly