Duqu Detector Toolkit Released by CrySys

Security research lab The Laboratory of Cryptography and System Security (CrySyS), which was responsible for discovering the Duqu virus, has dished out a toolkit that would help detecting and eradicating the virus from affected systems.

The Duqu Detector Toolkit v1.01, which is available for download from the CrySys website, is an open source tool that helps detect the virus, which is based on the Stuxnet virus source code.

While Stuxnet was designed to take on industrial control systems in nuclear power plants, Duqu has been designed to gather information that would help in conducting cyber attacks in the future.

The toolkit is based on signature-and heuristics-based methods which are capable of detecting the virus even after malware has been removed from the system. The tool comprises of techniques that look for dubious files and even looks out for indicators of the virus.

"We created the toolkit in such a way that if a real and active Duqu infection is found, then running all our tools will [result] in clear indications. However, a single suspicious result may just be a false positive. In any case, professional experience is needed to carefully analyze these results as well, and to have a final verdict over the findings", CrySys said.