Symantec: Duqu Still Active with New Update

Symantec observed a new driver for Duqu dated February 23, 2012. The file investigated contains a non-encrypted component that led researchers to detect the attack code.

Reversing the code showed that the attackers are changing and updating their technique to bypass security software and make the malicious program undetectable. There is always a link between Duqu and Stuxnet, as both target industrial systems.

Stuxnet previously revealed a number of operating system vulnerabilities. For Duqu we still have no idea, because in this sample the main malicious code is an encrypted component. The aim behind updating the code, though, is not only to bypass security software but also to find new vulnerabilities that may help reach more victims.

Symantec closes its statement with: “Although we do not have all of the information regarding this infection, the emergence of this new file does show that the attackers are still active. Without the other components of the attack it is impossible to say whether any new developments have been added to the code since we last saw a release from the group in November 2011.”

Nothing is clear yet, but we expect a new update soon.

Source: http://www.symantec.com/connect/blogs/new-duqu-sample-found-wild
