New variant shows Duqu attackers still in operation

Security researchers at Symantec has flagged a new variant of the Duqu cyber-espionage Trojan, a clear sign that the attacks are still ongoing.

The latest Duqu driver was compiled in February 2012, more than four months after Duqu was first flagged as a unique piece of malware “striking similarities” to Stuxnet, the mysterious computer worm that targeted nuclear facilities in Iran.

Symantec identified the newly compiled Duqu driver as mcd9x86.sys and said it contains no new functionality beyond spying and collecting data from infected machines.

Duqu is a highly specialized Trojan capable of gathering intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party.

Kaspersky Lab's Costin Raiu says the latest variant has been engineered to escape detection by the open-source Duqu detector toolkit released by CrySyS Lab.

ALSO SEE:

Windows kernel 'zero-day' found in Duqu attack

Microsoft issues temporary 'fix-it' for Duqu zero-day

Stuxnet 2.0? Researchers find new 'cyber-surveillance

Open-source Duqu detector toolkit released

Hungarian Lab found Stuxnet-like Duqu malware