Duqu uncloaked: Researchers find new variant, identify mystery code
- By Defense Systems Staff
- Mar 22, 2012
Researchers from Symantec have uncovered a new variant of the Duqu cyber espionage malware that seeks to evade antivirus products and other security tools, reports PC World.
The driver, known as mcd9x86.sys was compiled Feb. 23, said Vikram Thakur, principal security response manager at Symantec, according to the story.
Duqu, which was originally exposed in October 2011, is related to the Stuxnet industrial sabotage worm with which it shares blocks of code. While Stuxnet sought to destroy systems, Duqu's goal is to steal sensitive information from specific organizations it infiltrates.
Researchers expect that future variants of Stuxnet and Duqu most likely will be built on the same platform, yet with sufficient differences to make them undetectable by security software, the article states.
Meanwhile, Kaspersky Lab researchers have discovered that the Duqu Trojan was partly programmed in Object-Oriented C (OOC) by an "old school" experienced enterprise programming team, PC World also reports. Kaspersky researchers said they have never before encountered that particular format in cyber criminal malware.