Open-source Duqu detector toolkit released

Summary: The Laboratory of Cryptography and System Security (CrySyS) in Hungary has released an open-source toolkit that can find traces of Duqu infections on computer networks.


The Hungarian research lab credited with discovering the Duqu cyber-surveillance trojan has released a detector toolkit to help find Duqu infections on a computer or in a whole network.

The open-source toolkit, from the Laboratory of Cryptography and System Security (CrySyS), contains signature- and heuristics-based methods that can find traces of Duqu infections even where components of the malware have already been removed from the system.

From the CrySyS documentation:

The intention behind the tools is to find different types of anomalies (e.g., suspicious files) and known indicators of the presence of Duqu on the analyzed computer. As with other anomaly detection tools, it is possible that it generates false positives. Therefore, professional personnel are needed to elaborate the resulting log files of the tool and decide about further steps.

This toolkit contains very simple, easy-to-analyze program source code, thus it may also be used in special environments, e.g. in critical infrastructures, after inspection of the source code (to check that there is no backdoor or malicious code inside) and recompiling.

According to CrySyS, the toolkit may also detect new, modified versions of the Duqu threat.

Duqu deactivates after a time limit and removes itself from the computer, but some temporary files could still indicate that the computer was affected by a former Duqu infection; our toolkit might identify these cases, too.

Duqu, which is being used to spy on select targets around the world, contains “striking similarities” to Stuxnet, the mysterious computer worm that targeted nuclear facilities in Iran.


  • RE: Open-source Duqu detector toolkit released

    I don't use Windows cause I use OS X so am not affected...
    • Actually, the story is a bit longer than this ...

      Hi, my name is shellcodes_coder. Actually, it's Jim Bob Joe, but I digress. I tried OpenBSD once and it made my head hurt because it was so hard to install. I never could get pictures to show up so the h*** with that s***. Then I tried Linux or, more specifically, Kubuntu. It was a heck of a lot easier than OpenBSD with actual windows and all. And, finally, I could see pictures! But I wore out two keyboards in six months typing in all those commands. And when I tried to upgrade after only 6 months it trashed my system and I lost all of my, err, data. I had to do a clean install. Then two more keyboards, periodic, err, data backups and another failed upgrade. Kumbaya my a**. This is when I switched to Windows. Well, there was no more typing in commands. But, whoa Nelly! I never knew that machines could catch viruses. Heh. After reinstalling Windows and restoring my, err, data for the 100th time (h** yea I learned something from Linux!), I decided that there had to be a better way. Next in line was Mac OS X. Gee-eesh! The government should really look into the pricing of these things. It's cut DEEP into my moonshine purchases from my cousin, Billy Bob Jim. But, hallelujah! Now I can look at pictures without typing in commands and my machine doesn't catch viruses anymore.

      Note: @shellcodes_coder, this was done in fun and I sincerely hope that you are not offended. If you are, I apologize and just click the 'Flag' link.
      Rabid Howler Monkey
      • RE: Open-source Duqu detector toolkit released

        @Rabid Howler Monkey

        +infinity and thanks for making my day I just spit soda everywhere LMAO
    • I use Windows and I'm not affected

      But then I'm not affected by the load of security issues affecting OS X, either.
      William Farrell
  • RE: Open-source Duqu detector toolkit released