New variant shows Duqu attackers still in operation

New variant shows Duqu attackers still in operation

Summary: Security researchers at Symantec discover a new Duqu driver compiled in February 2012.


follow Ryan Naraine on twitterSecurity researchers at Symantec has flagged a new variant of the Duqu cyber-espionage Trojan, a clear sign that the attacks are still ongoing.

The latest Duqu driver was compiled in February 2012, more than four months after Duqu was first flagged as a unique piece of malware “striking similarities” to Stuxnet, the mysterious computer worm that targeted nuclear facilities in Iran.

Symantec identified the newly compiled Duqu driver as mcd9x86.sys and said it contains no new functionality beyond spying and collecting data from infected machines.

Duqu is a highly specialized Trojan capable of gathering intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party.

Kaspersky Lab's Costin Raiu says the latest variant has been engineered to escape detection by the open-source Duqu detector toolkit released by CrySyS Lab.


  • Windows kernel 'zero-day' found in Duqu attack
  • Microsoft issues temporary 'fix-it' for Duqu zero-day
  • Stuxnet 2.0? Researchers find new 'cyber-surveillance
  • Open-source Duqu detector toolkit released
  • Hungarian Lab found Stuxnet-like Duqu malware
  • Topics: Open Source, Operating Systems, Security, Software, Windows

    Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


    Log in or register to join the discussion
    • Well

      i dont fear anything i got Norton, Bwahahaha
    • I dont care!

      I got Norton :)