Difference between revisions of "New Duqu sample found in the wild"
m (1 revision imported) |
m (Text replacement - " www.symantec.com" to "") |
||
Line 5: | Line 5: | ||
|Licence= | |Licence= | ||
|Video= | |Video= | ||
|Link=http://www.symantec.com/connect/blogs/new-duqu-sample-found-wild | |Link=http://www.symantec.com/connect/blogs/new-duqu-sample-found-wild | ||
|Author=, | |Author=, | ||
|NomRevue=Symantec Connect Community | |NomRevue=Symantec Connect Community |
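Review bot: on the |Author= line the value is a bare comma ("Author=,") on both sides of the diff, so the field holds a leftover separator rather than an author name. Since the edit summary describes replacing " www.symantec.com" with an empty string, the replacement should also drop the comma, or the field should be set to the actual author of the linked Symantec post.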
Latest revision as of 21:51, 5 August 2015
New Duqu sample found in the wild | |
---|---|
Botnet | Duqu |
Malware | Duqu (bot) |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 21 March 2012 |
Editor/Conference | Symantec |
Link | http://www.symantec.com/connect/blogs/new-duqu-sample-found-wild (Archive copy) |
Author | |
Type |
Abstract
“We recently received a file that looked very familiar. A quick investigation showed it to be a new version of W32.Duqu. The file we received is only one component of the Duqu threat however—it is the loader file used to load the rest of the threat when the computer restarts (the rest of the threat is stored encrypted on disk). The component we received has been highlighted below (Driver file .sys) in an image taken from our Duqu whitepaper:”
Bibtex
@misc{2012BFR949,
  editor = {Symantec},
  author = {},
  title = {New Duqu sample found in the wild},
  date = {22},
  month = Mar,
  year = {2012},
  howpublished = {\url{http://www.symantec.com/connect/blogs/new-duqu-sample-found-wild}},
}