W32/Duqu – Stuxnet lite?

Yesterday, Oct 18th, our competitor Symantec published an extensive report on malware called Duqu, which appears to bear some resemblance to last year’s Stuxnet worm. This time the malware does not seem to be aimed at sabotage, but is instead made for intelligence gathering.

Kudos to the research lab that alerted the antivirus community about this. Duqu samples had already been received and automatically processed by us and others, but sometimes it takes a watchful eye to spot an interesting piece of malware like this in the flow of garbage we receive.

Duqu is detected by Norman Security products using a generic name, and has been since early September. As of today, we have renamed the detections to W32/Duqu.

Duqu is now under further analysis in our labs.

Above: a call diagram of the Duqu driver.

Snorre Fagerland

The Author:

Snorre Fagerland is a Principal Security Researcher in the Malware Detection Team (MDT) at Norman.
