Duqu Detector Toolkit By CrySyS Lab
CrySyS Duqu detector toolkit released.
The researchers at the lab credited with identifying the zero-day delivery mechanism of the Duqu bot, the Hungarian Laboratory of Cryptography and System Security (CrySyS), have released a toolkit for detecting the pest, even after components of it have been removed from a system.
According to the CrySyS Lab statement:
"Our lab, the Laboratory of Cryptography and System Security (CrySyS) pursued the analysis of the Duqu malware and as a result of our investigation, we identified a dropper file with an MS 0-day kernel exploit inside. We immediately provided competent organizations with the necessary information such that they can take appropriate steps for the protection of the users."
The DuquDetector software comprises four executable tools which scan, respectively, for Duqu-infected system drivers, PNF files with "suspiciously high entropy", Duqu's temporary files, and PNF files with no corresponding .inf file. It writes these results to a log file for an experienced practitioner to analyse. Because it combines signature-based and heuristics-based analysis, it can, like other anomaly-detection tools, generate false positives.
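The two PNF heuristics described above (high entropy and a .pnf with no sibling .inf) can be reproduced as a small triage script. This is an added example written for this page, not code from the CrySyS toolkit; the 7.0 bits/byte threshold and the sample file names are assumptions, and the sample directory is constructed rather than taken from a real infection.

```python
import math
import tempfile
from collections import Counter
from pathlib import Path

# Assumed threshold for "suspiciously high" entropy; CrySyS's own cut-off is not given on the page.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means every byte value is equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_pnf_dir(directory) -> dict:
    """Return {pnf_name: [reasons]} for every .pnf that trips at least one heuristic."""
    directory = Path(directory)
    # Windows precompiles each .inf into a .pnf with the same stem, so an orphan .pnf is unusual.
    inf_stems = {p.stem.lower() for p in directory.glob("*.inf")}
    findings = {}
    for pnf in directory.glob("*.pnf"):
        reasons = []
        ent = shannon_entropy(pnf.read_bytes())
        if ent >= ENTROPY_THRESHOLD:
            reasons.append(f"high entropy ({ent:.2f} bits/byte)")
        if pnf.stem.lower() not in inf_stems:
            reasons.append("no matching .inf file")
        if reasons:
            findings[pnf.name] = reasons
    return findings


def build_sample_dir() -> str:
    """Constructed test data: a throwaway directory covering each combination of the two heuristics."""
    d = Path(tempfile.mkdtemp())
    low = b"\x00\x01" * 512               # entropy 1.0 bits/byte
    high = bytes(range(256)) * 8          # entropy 8.0 bits/byte (uniform byte distribution)
    for stem in ("paired_low", "paired_high"):
        (d / f"{stem}.inf").write_text("[Version]\nSignature=\"$Windows NT$\"\n")
    (d / "paired_low.pnf").write_bytes(low)    # clean: paired and low entropy
    (d / "paired_high.pnf").write_bytes(high)  # flagged: entropy only
    (d / "orphan_low.pnf").write_bytes(low)    # flagged: orphan only
    (d / "orphan_high.pnf").write_bytes(high)  # flagged: both heuristics
    return str(d)


if __name__ == "__main__":
    for name, why in scan_pnf_dir(build_sample_dir()).items():
        print(name, "->", "; ".join(why))
```

On a real host the directory to point this at would be the Windows inf folder, and every hit still needs a human to rule out legitimate high-entropy or orphaned precompiled INF files.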