Saturday, November 5, 2011

NSS Labs: Duqu Analysis & Detection Tool

http://www.nsslabs.com/blog/2011/11/duqu-analysis-and-detection-tool.html

NSS engineers have developed a scanning tool that can be used to detect all DuQu drivers installed on a system. This tool was developed in the hopes that additional drivers can be discovered to allow us to learn more about the functionality, capabilities and ultimate purpose of DuQu.

Based on the layout of the drivers discovered so far, the NSS tool is capable of detecting 100% of drivers with zero false positives. Because it is using advanced pattern recognition techniques, it is also capable of detecting new drivers as they are discovered. Two new drivers were discovered after the tool was completed, and both were detected by the NSS tool with no updates required.
