Monday, March 26, 2012

New Duqu Sample Found in the Wild


We recently received a file that looked very familiar. A quick investigation showed it to be a new version of W32.Duqu. The file we received is only one component of the Duqu threat, however—it is the loader file used to load the rest of the threat when the computer restarts (the rest of the threat is stored encrypted on disk). The component we received has been highlighted below (Driver file .sys) in an image taken from our Duqu whitepaper:

Read more: Symantec

Posted via email from Jasper-Net