New Toolkit Able to Track and Trace Duqu Worm

The Hungarian research facility that helped discover Duqu, the much-blogged about Trojan, has now released an open-source toolkit that can be used to help detect traces and instances of the worm.

The Hungarian research facility that helped discover Duqu, the much-blogged about Trojan, has now released an open-source toolkit that can be used to help detect traces and instances of the worm.

The Laboratory of Cryptography and System Security (CrySys) at the Budapest University of Technology and Economics developed the Duqu Detector Toolkit v1.01 to be used on computers and networks where the malware may have already been removed from the system. Duqu – a cousin of the Stuxnet worm that infected uranium enrichment facilities in Iran, famously had a hard-coded 36 day lifespan. But ystems may still retain certain Duqu files even after the virus has deactivated itself.By focusing on what they refer to as “suspicious files,” the toolkit can “detect new, modified versions of the Duqu threat,” CrySys said. 

Like other toolkits, CrySys claims the tool could still generate false positives and therefore encourages a professional looks over the log files of each test.

As Threatpost previously reported, users can be infected with Duqu after opening a particular Word document that exploits a flaw in Windows’ Win32k TrueType font parsing engine and lead to remote code execution. Microsoft has maintained they’re working on a patch for the bug but in the meantime, released a workaround for the kernel flaw late last week.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.