New Duqu sample found in the wild
Revision as of 12:57, 28 March 2012 by Eric.freyssinet (talk | contribs)
(Publication) Google search: [1]
| New Duqu sample found in the wild | |
|---|---|
| |
| Botnet | Duqu |
| Malware | Duqu (bot) |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 21 mars 2012 |
| Editor/Conference | Symantec |
| Link | http://www.symantec.com/connect/blogs/new-duqu-sample-found-wild www.symantec.com (www.symantec.com Archive copy) |
| Author | |
| Type | |
Abstract
“ We recently received a file that looked very familiar. A quick investigation showed it to be a new version of W32.Duqu. The file we received is only one component of the Duqu threat however—it is the loader file used to load the rest of the threat when the computer restarts (the rest of the threat is stored encrypted on disk). The component we received has been highlighted below (Driver file .sys) in an image taken from our Duqu whitepaper:
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR949,
editor = {Symantec},
author = {},
title = {New Duqu sample found in the wild},
date = {22},
month = Mar,
year = {2012},
howpublished = {\url{http://www.symantec.com/connect/blogs/new-duqu-sample-found-wild www.symantec.com}},
}