Duqu detection toolkit unveiled

By Phumeza Tontsi
Johannesburg, 14 Nov 2011

The Laboratory of Cryptography and System Security (CrySyS), a Hungarian security research centre, has released an open source toolkit designed to detect the Duqu malware on corporate networks, V3.co.uk reports.

CrySyS, the first organisation to identify the Trojan known as Duqu, says the kit combines signature-based and heuristics-based methods, so that it can still detect the malware when some of its components have been removed from the system.

According to PCWorld, the Duqu Detector Toolkit v1.01 looks for suspicious files left behind by Duqu. The malware has created a buzz in the security community because of its stealthy nature and the characteristics it shares with another famous piece of malicious software, Stuxnet.

CrySyS notes that while the toolkit should detect a real, active Duqu infection, false positives are possible, so it cautions that administrators will need to analyse the results themselves.

IT World reports that the toolkit also includes a component that could let victims work out what data Duqu has stolen. Kaspersky Lab's Costin Raiu said the stolen data is stored in files whose names carry 'DQ' (hence the malware's name) and 'DF'.

“I'm sure that any victim wants to know what was stolen from them,” adds Costin Raiu, director of the global research and analysis team for Kaspersky Lab.