New variant shows Duqu attackers still in operation

Summary:Security researchers at Symantec discover a new Duqu driver compiled in February 2012.

follow Ryan Naraine on twitter
Security researchers at Symantec has flagged a new variant of the Duqu cyber-espionage Trojan, a clear sign that the attacks are still ongoing.

The latest Duqu driver was compiled in February 2012, more than four months after Duqu was first flagged as a unique piece of malware “striking similarities” to Stuxnet, the mysterious computer worm that targeted nuclear facilities in Iran.

Symantec identified the newly compiled Duqu driver as mcd9x86.sys and said it contains no new functionality beyond spying and collecting data from infected machines.

Duqu is a highly specialized Trojan capable of gathering intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party.

Kaspersky Lab's Costin Raiu says the latest variant has been engineered to escape detection by the open-source Duqu detector toolkit released by CrySyS Lab.


  • Windows kernel 'zero-day' found in Duqu attack
  • Microsoft issues temporary 'fix-it' for Duqu zero-day
  • Stuxnet 2.0? Researchers find new 'cyber-surveillance
  • Open-source Duqu detector toolkit released
  • Hungarian Lab found Stuxnet-like Duqu malware
  • Topics: Open Source, Enterprise Software, Security, Windows


    Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

    zdnet_core.socialButton.googleLabel Contact Disclosure

    Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

    Related Stories

    The best of ZDNet, delivered

    You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
    Subscription failed.