
Duqu Detector Toolkit Released by CrySys

Security research lab The Laboratory of Cryptography and System Security (CrySyS), which discovered the Duqu virus, has released a toolkit that helps detect and eradicate the virus on affected systems.

The Duqu Detector Toolkit v1.01, which is available for download from the CrySyS website, is an open source tool that helps detect the virus, which is based on the Stuxnet virus source code.

While Stuxnet was designed to take on industrial control systems in nuclear power plants, Duqu has been designed to gather information that would help in conducting cyber attacks in the future.

The toolkit is based on signature- and heuristics-based methods that are capable of detecting the virus even after the malware has been removed from the system. The tool comprises techniques that look for dubious files and also watches for other indicators of the virus.

"We created the toolkit in such a way that if a real and active Duqu infection is found, then running all our tools will [result] in clear indications. However, a single suspicious result may just be a false positive. In any case, professional experience is needed to carefully analyze these results as well, and to have a final verdict over the findings", CrySyS said.

Ravi Mandalia

Ravi Mandalia was ITProPortal's Sub Editor (and a contributing writer) for two years from 2011. Based in Ahmedabad, India, Ravi is now the owner and founder of Parity Media Pvt. Ltd., a news and media company which specializes in online publishing, technology news and analysis, reviews, web site traffic growth, and web site UI. Ravi lists his specialist subjects as: Enterprise, IT, Technology, Gadgets, Business, High Net Worth Individuals, Online Publishing, Advertising, Marketing, Social Media, News, Reviews, Audio, Video, and Multi-Media. He has also previously worked as Dy. Manager - IT Security at (n)Code Solutions.