Fri Nov 25, 2011 2:29 pm
Duqu Detector Toolkit
We developed a detector toolkit that combines simple detection
techniques to find Duqu infections on a computer or in a whole network.
The toolkit contains signature- and heuristics-based methods and it is
able to find traces of infections where components of the malware have
already been removed from the system.
The intention behind the tools is to find different types of anomalies
(e.g., suspicious files) and known indicators of the presence of Duqu on
the analyzed computer. As with other anomaly detection tools, it may
generate false positives. Therefore, professional personnel are
needed to analyze the resulting log files of the tool and decide
on further steps.
This toolkit contains very simple, easy-to-analyze program source code,
so it may also be used in special environments, e.g. in critical
infrastructures, after inspection of the source code (to check that
there is no backdoor or malicious code inside) and recompilation.
Download
Updated version v1.02: GPLv3 license applies.
v1.02 manual (text)
v1.02 all files (.zip)
thanks l-23