Duqu malware resurfaces after four-month holiday

April 4, 2012

Source: Computerworld


In this article: “Duqu, the malware that has been compared to 2010’s notorious Stuxnet, is back, security researchers said today.

After a several-month sabbatical, the Duqu makers recompiled one of the Trojan’s components in late February, said Liam O Murchu, manager of operations at Symantec’s security response team.

The system driver, which is installed by the malware’s dropper agent, is responsible for decrypting the rest of the already-downloaded package, then loading those pieces into the PC’s memory.

Symantec has captured a single sample of the driver, which was compiled Feb. 23, 2012. Before that, the last time the Duqu gang updated the driver was Oct. 17, 2011.”
