New variant shows Duqu attackers still in operation

Security researchers at Symantec discover a new Duqu driver compiled in February 2012.
Written by Ryan Naraine

Security researchers at Symantec have flagged a new variant of the Duqu cyber-espionage Trojan, a clear sign that the attacks are still ongoing.

The latest Duqu driver was compiled in February 2012, more than four months after Duqu was first flagged as a unique piece of malware with “striking similarities” to Stuxnet, the mysterious computer worm that targeted nuclear facilities in Iran.

Symantec identified the newly compiled Duqu driver as mcd9x86.sys and said it contains no new functionality beyond spying and collecting data from infected machines.

Duqu is a highly specialized Trojan capable of gathering intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party.

Kaspersky Lab's Costin Raiu says the latest variant has been engineered to escape detection by the open-source Duqu detector toolkit released by CrySyS Lab.

ALSO SEE:

  • Windows kernel 'zero-day' found in Duqu attack
  • Microsoft issues temporary 'fix-it' for Duqu zero-day
  • Stuxnet 2.0? Researchers find new 'cyber-surveillance
  • Open-source Duqu detector toolkit released
  • Hungarian Lab found Stuxnet-like Duqu malware