Wednesday, November 9, 2011

Open Source Duqu Analysis Tool Sharing Update

Via NSS Labs -

Last Friday, NSS researchers announced their findings on Duqu on a blog post We also pointed to our open source tool that we've shared with the security research community. Since posting, the tool has been viewed over 18,000 times and 45 different forks have been created from the github repository in the few days it has been up.

We've set out to make a positive contribution to the community by giving code because we felt that taking action would yield the most positive results and would help others take action as well.

Today, CrySyS labs has released a great toolkit to detect duqu It is open source and has compiled binaries ready for usage. They are taking action by helping the community and kudos to them for their contributions to detection for the community.


CrySyS Duqu Detector Toolkit

We developed a detector toolkit that combines simple detection techniques to find Duqu infections on a computer or in a whole network. The toolkit contains signature and heuristics based methods and it is able to find traces of infections where components of the malware are already removed from the system.

The intention behind the tools is to find different types of anomalies (e.g., suspicious files) and known indicators of the presence of Duqu on the analyzed computer. As other anomaly detection tools, it is possible that it generates false positives. Therefore, professional personnel is needed to elaborate the resulting log files of the tool and decide about further steps.

No comments:

Post a Comment