Open-source Duqu detector toolkit released

Summary: The Laboratory of Cryptography and System Security (CrySyS) in Hungary has released an open-source toolkit that can find traces of Duqu infections on computer networks.

The Hungarian research lab credited with discovering the Duqu cyber-surveillance trojan has released a detector toolkit to help find Duqu infections on a computer or in a whole network.

The open-source toolkit, from the Laboratory of Cryptography and System Security (CrySyS), contains signature- and heuristics-based methods that can find traces of Duqu infections where components of the malware are already removed from the system.


From the CrySyS documentation:

The intention behind the tools is to find different types of anomalies (e.g., suspicious files) and known indicators of the presence of Duqu on the analyzed computer. As with other anomaly detection tools, it is possible that it generates false positives. Therefore, professional personnel are needed to elaborate the resulting log files of the tool and decide about further steps.

This toolkit contains very simple, easy-to-analyze program source code, thus it may also be used in special environments, e.g. in critical infrastructures, after inspection of the source code (to check that there is no backdoor or malicious code inside) and recompiling.


According to CrySyS, the toolkit may also detect new, modified versions of the Duqu threat.

Duqu deactivates after a time limit and removes itself from the computer, but some temporary files could still indicate that the computer was affected by a former Duqu infection; our toolkit might identify these cases, too.

Duqu, which is being used to spy on select targets around the world, contains “striking similarities” to Stuxnet, the mysterious computer worm that targeted nuclear facilities in Iran.


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
