Symantec Researchers discovered new variant of Duqu Malware

Symantec researchers discovered a new variant of the W32.Duqu malware that was designed to evade detection by some security products. This is the first version of Duqu found in 2012.

The file the researchers received is only one component of the Duqu threat: it is the loader used to load the rest of the threat when the computer restarts (the remaining components are stored encrypted on disk).
Image Credit: Symantec

According to the analysis report, the compile date on the new Duqu component is February 23, 2012, so this new version has not been in the wild for very long.

The new variant comes with a new encryption algorithm for the other components stored on disk. Another difference is that the old driver file was signed with a stolen certificate, while this one is not signed at all. The version information also differs from the previous version; in this case the Duqu file is pretending to be a Microsoft Class driver.
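Two of the differences above (an unsigned driver and a compile timestamp used to date the sample) are things a defender can check directly on a suspect driver file without running it. The following Python is an added triage example, not Symantec's code or part of the report: it parses the PE headers with the standard library only, reports the COFF compile timestamp, and reports whether the file carries an embedded Authenticode certificate directory. The `build_minimal_pe` helper constructs a non-executable PE skeleton purely so the example runs offline; it is not derived from any Duqu sample, and the timestamp and certificate offsets it uses are made-up values.

```python
"""Triage helper: compile timestamp and embedded-signature check for a PE driver.

Added example (not from the original post). A non-empty security directory
only means a WIN_CERTIFICATE blob is attached; it does NOT prove the signature
is valid or that the certificate was legitimately issued (the earlier Duqu
driver was signed with a stolen certificate). Treat the result as a triage
hint and verify the chain with a proper Authenticode checker before trusting it.
"""
import struct
import sys
from datetime import datetime, timezone

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the certificate table data directory


def _pe_offsets(data: bytes):
    """Return (coff_header_offset, optional_header_offset, magic) after sanity checks."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    opt = coff + 20  # COFF file header is 20 bytes
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    if len(data) < opt + size_of_optional:
        raise ValueError("truncated optional header")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    return coff, opt, magic


def compile_timestamp(data: bytes) -> datetime:
    """COFF TimeDateStamp as a UTC datetime (the field the report's compile date comes from)."""
    coff, _, _ = _pe_offsets(data)
    ts = struct.unpack_from("<I", data, coff + 4)[0]
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def has_embedded_authenticode(data: bytes) -> bool:
    """True if the security (certificate table) data directory is non-empty."""
    _, opt, magic = _pe_offsets(data)
    # NumberOfRvaAndSizes and the data directory array sit at different
    # offsets for PE32 (92/96) and PE32+ (108/112).
    nrva_off, dd_off = (92, 96) if magic == 0x10B else (108, 112)
    num_rva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    if num_rva <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False
    entry = opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    file_offset, size = struct.unpack_from("<II", data, entry)
    return file_offset != 0 and size != 0


def build_minimal_pe(with_cert: bool, pe32plus: bool = True, timestamp: int = 0) -> bytes:
    """Construct a minimal, non-executable PE header skeleton for testing (constructed data)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    magic = 0x20B if pe32plus else 0x10B
    opt_size = 240 if pe32plus else 224
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, timestamp, 0, 0, opt_size, 0x2022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    nrva_off = 108 if pe32plus else 92
    struct.pack_into("<I", opt, nrva_off, 16)
    if with_cert:
        entry = nrva_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        struct.pack_into("<II", opt, entry, 0x1000, 0x800)  # made-up cert offset/size
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python triage.py <driver.sys>; with no argument, run on the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe(False, timestamp=1330000000)
    print("compile timestamp (UTC):", compile_timestamp(blob).isoformat())
    print("embedded Authenticode present:", has_embedded_authenticode(blob))
```

On a real file, an unsigned kernel driver that claims in its version resource to be a Microsoft class driver is the combination worth escalating; a present signature still needs its chain and revocation status checked, since a signature made with a stolen certificate parses identically to a legitimate one.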

"Without the other components of the attack it is impossible to say whether any new developments have been added to the code since we last saw a release from the group in November 2011," the researcher said.

The discovery of the new variant clearly indicates that the Duqu authors are continuing their operation.