New Duqu sample found in the wild

From Botnets.fr
Revision as of 16:23, 7 February 2015 by Eric.freyssinet (talk | contribs) (1 revision imported)
Jump to navigation Jump to search

(Publication) Google search: [1]

New Duqu sample found in the wild
New Duqu sample found in the wild.png
Botnet Duqu
Malware Duqu (bot)
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 21 mars 2012
Editor/Conference Symantec
Link http://www.symantec.com/connect/blogs/new-duqu-sample-found-wild www.symantec.com (www.symantec.com Archive copy)
Author
Type

Abstract

We recently received a file that looked very familiar. A quick investigation showed it to be a new version of W32.Duqu. The file we received is only one component of the Duqu threat however—it is the loader file used to load the rest of the threat when the computer restarts (the rest of the threat is stored encrypted on disk). The component we received has been highlighted below (Driver file .sys) in an image taken from our Duqu whitepaper:

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR949,
   editor = {Symantec},
   author = {},
   title = {New Duqu sample found in the wild},
   date = {22},
   month = Mar,
   year = {2012},
   howpublished = {\url{http://www.symantec.com/connect/blogs/new-duqu-sample-found-wild www.symantec.com}},
 }

Retrieved from "https://www.botnets.fr/index.php?title=New_Duqu_sample_found_in_the_wild&oldid=2101"