Some of you can probably remember the worldwide scandal caused by the Stuxnet virus all over the world? Now the new menace is here wearing a different name being the same dangerous: Duqu. This name as long as it has appeared has been causing lots of stress and worried to computer developers and antivirus professionals all around the world. Duqu’s systematic is so sophisticated that by many it seems that it’s been done by the same developers as Stuxnet making it very similar to the menacing virus which took eight months for twenty top virus analysts to detect and to eliminate. Duqu appeared in 2011’s September causing lots of concerns ever since.
Duqu is said to be able to use system vulnerabilities caused by applications to get into a system in form of a very small doc file that computers detect as an extra TrueType font for Word. Duqu from the moment of getting into a system starts moving around, just like a worm. According to experts the worm Trojan virus is to copy digital certificates and smuggle data to give way to future threats to get in industrial control and other systems of key importance the most easily. The biggest danger of Duqu is that after 36 days of smuggling and transferring data, it erases itself automatically from the hardware leaving almost zero trace.
Now thanks to all the efforts of the Hungarian CrySys team of the University of Technology and Economics, the group has recently published their simple toolkit which can detect quickly whether a system had been infected by Duqu or not. The team states that they could detect the traces left by Duqu and therefore their toolkit will be able to tell the date of infection and other details too.