CrySyS released Duqu Detector Toolkit v1.01 ~ Anti-Duqu Tools


CrySyS Lab (Laboratory of Cryptography and System Security) has released a new Anti-Duqu tool that can detect a Duqu malware infection on a single computer or across a whole network. The toolkit combines
signature-based and heuristic methods, and it is able to find traces of an infection even where the malware's components have already been removed from the system.

The intention behind the tools is to find different types of anomalies
(e.g., suspicious files) and known indicators of the presence of Duqu on
the analyzed computer. Like other anomaly detection tools, it may
generate false positives. Therefore, professional personnel are
needed to analyze the resulting log files of the tool and decide on
further steps.

This toolkit contains very simple, easy-to-analyze program source code,
thus it may also be used in special environments, e.g. in critical
infrastructures, after inspection of the source code (to check that
there is no backdoor or malicious code inside) and recompiling.

The toolkit may also detect new, modified versions of the Duqu threat.
Duqu deactivates after a time limit and removes itself from the
computer, but some temporary files could still indicate that the
computer was affected by a former Duqu infection; the toolkit might
identify these cases, too.
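The two detection approaches described above (file signatures for known components, plus heuristics for leftover temporary files, with every hit logged for human review because heuristics can produce false positives) can be illustrated with a small scanner. The following is an added example written for this post and is not code from the CrySyS toolkit; the signature hash, the `~XX<hex>.tmp` filename pattern and the sample directory tree are all constructed placeholders, not real Duqu indicators.

```python
"""Minimal signature + heuristic file scanner (added example, not the CrySyS toolkit)."""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass
from typing import Dict, List

# Signature set: SHA-256 of known-bad file contents -> label.
# PLACEHOLDER: the hash below is derived from a constructed byte string,
# not from any real Duqu sample.
KNOWN_BAD_SHA256: Dict[str, str] = {
    hashlib.sha256(b"CONSTRUCTED-SAMPLE-PAYLOAD").hexdigest(): "constructed-sample-component",
}

# Heuristic: leftover temp files with a short "~XX<hex>.tmp" name.
# HYPOTHETICAL pattern chosen for the demo; a real deployment would use the
# indicators published with the toolkit. Legitimate software can create
# similarly named files, so heuristic hits are flagged for analyst review.
TEMP_LEFTOVER_RE = re.compile(r"^~[A-Z]{2}[0-9A-Fa-f]{1,4}\.tmp$")


@dataclass
class Finding:
    path: str
    kind: str        # "signature" (high confidence) or "heuristic" (needs review)
    detail: str


def sha256_of(path: str, chunk: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan(root: str) -> List[Finding]:
    """Walk `root`; report signature matches first, then heuristic name matches."""
    findings: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_of(path)
            except OSError:
                continue  # unreadable/locked file: skip rather than abort the scan
            if digest in KNOWN_BAD_SHA256:
                findings.append(Finding(path, "signature", KNOWN_BAD_SHA256[digest]))
                continue  # a signature hit already covers this file
            if TEMP_LEFTOVER_RE.match(name):
                findings.append(Finding(path, "heuristic", "temp-file naming pattern"))
    return findings


def format_log(findings: List[Finding]) -> List[str]:
    """One log line per finding; heuristic hits carry an explicit review marker."""
    lines = []
    for f in findings:
        marker = "CONFIRMED" if f.kind == "signature" else "REVIEW-REQUIRED"
        lines.append(f"[{marker}] {f.kind}: {f.detail} -> {f.path}")
    return lines


def build_demo_tree() -> str:
    """Constructed sample directory: one signature hit, one heuristic hit, one benign file."""
    root = tempfile.mkdtemp(prefix="scan-demo-")
    with open(os.path.join(root, "component.bin"), "wb") as fh:
        fh.write(b"CONSTRUCTED-SAMPLE-PAYLOAD")          # matches the placeholder signature
    with open(os.path.join(root, "~AB1F.tmp"), "wb") as fh:
        fh.write(b"leftover temporary data")             # matches the name heuristic only
    with open(os.path.join(root, "readme.txt"), "wb") as fh:
        fh.write(b"ordinary file, should not be reported")
    return root


def demo() -> List[Finding]:
    root = build_demo_tree()
    findings = scan(root)
    for line in format_log(findings):
        print(line)
    return findings


if __name__ == "__main__":
    demo()
```

Run on a real host the scan root would be the system and user temp directories; the point of the `REVIEW-REQUIRED` marker is the one the post makes, that heuristic output is a starting point for an analyst, not a verdict.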

Here is the Manual for using this tool.

Download the files from here:
http://www.crysys.hu/duqudetector-files/files/duqudetector-v1_01.zip


Reference:
Duqu exploits zero-day Vulnerability in Windows.
Duqu alias Stars.
Anti-Duqu from NSS Labs.
Microsoft Temporary Fix.
