Symantec: Duqu Still Active with New Update
Symantec observed a new driver for Duqu which belongs to February 23, 2012, the file investigated contain a non-encrypted component that led researcher to detect the attack code.
Reversing the code showed that attackers are changing and updating their technique to bypass security software’s and make the malicious program undetectable, here there is always a link between Duqu and stuxnet as both target industrial systems.
Stuxnet have previously revealed a number of operating system vulnerabilities so for Duqu we still have no idea about it as the sample contain main malicious code is encrypted component but behind updating the code not only bypassing security software’s but also finding new vulnerabilities that may serve for getting more victims.
Symantec close the statement by: “Although we do not have all of the information regarding this infection, the emergence of this new file does show that the attackers are still active. Without the other components of the attack it is impossible to say whether any new developments have been added to the code since we last saw a release from the group in November 2011.”
Nothing yet clear but we expect some new update soon.