The Inquirer

Duqu detector tool is released

Crysys found it, now you can too
Mon Nov 14 2011, 09:54

SECURITY RESEARCH OUTFIT Crysys, the group credited with spotting the Duqu virus, has released a tool that lets average internet users do the same.

The Duqu virus was discovered early in November by the Budapest-based Laboratory of Cryptography and System Security (Crysys), and was found to spread by exploiting a security hole in Windows.

Microsoft has released a workaround for firms worried about the vulnerability, but companies still concerned about it might want to use the Crysys tool to check their machines for infections.

"We developed a detector toolkit that combines simple detection techniques to find Duqu infections on a computer or in a whole network," explained the security researchers.

"The toolkit contains signature and heuristics based methods and it is able to find traces of infections where components of the malware are already removed from the system."

A number of tools are packaged together in the detector, and Crysys said that they are able to spot different kinds of suspicious activity on machines, for example the presence of malicious files.

The four executable components, FindDuquSys.exe, CalcPNFEntropy.exe, FindDuquTmp.exe, and FindPNFnoINF.exe, search for different types of infections, according to the tool's supporting information. The researchers warned that users should inspect any flagged files to look for false positives, and recommended that a security professional do this.
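The article says the toolkit combines signature and heuristic checks, and the component names suggest two of those heuristics: measuring the entropy of precompiled INF (.pnf) files and finding .pnf files that have no matching .inf. The following Python script is an added illustration of those two heuristics, not code from the Crysys toolkit; the assumption that the real tools work this way is drawn only from their names, and the 7.0 bits-per-byte threshold and the sample directory contents are constructed for the example.

```python
"""Toy illustration of two heuristics a driver-cache scanner might use:
Shannon entropy of .pnf files and .pnf files with no matching .inf.
Assumed from the component names CalcPNFEntropy.exe and FindPNFnoINF.exe;
this is not the Crysys tool's own logic."""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Return Shannon entropy in bits per byte (0.0 for empty input, 8.0 max)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def orphaned_pnf(inf_dir: Path) -> list[str]:
    """Names of .pnf files whose stem has no sibling .inf file.

    A precompiled .pnf normally sits next to the .inf it was built from, so an
    orphan is worth a second look (it may also be a harmless leftover)."""
    inf_stems = {p.stem.lower() for p in inf_dir.iterdir() if p.suffix.lower() == ".inf"}
    return sorted(p.name for p in inf_dir.iterdir()
                  if p.suffix.lower() == ".pnf" and p.stem.lower() not in inf_stems)


def high_entropy_pnf(inf_dir: Path, threshold: float = 7.0) -> list[tuple[str, float]]:
    """(name, entropy) for .pnf files above the threshold.

    Plain precompiled INF data is structured and compresses well, so entropy
    close to 8 bits/byte hints at encrypted or compressed content. The 7.0
    threshold is an assumption chosen for this example, not a published value."""
    hits = []
    for p in sorted(inf_dir.iterdir()):
        if p.suffix.lower() == ".pnf":
            e = shannon_entropy(p.read_bytes())
            if e >= threshold:
                hits.append((p.name, round(e, 2)))
    return hits


def scan_inf_dir(inf_dir: Path, threshold: float = 7.0) -> dict:
    """Run both heuristics and return the findings for a human to review."""
    return {
        "orphaned": orphaned_pnf(inf_dir),
        "high_entropy": high_entropy_pnf(inf_dir, threshold),
    }


def build_sample_dir() -> Path:
    """Constructed sample directory: one legitimate inf/pnf pair and one
    orphaned, random-content .pnf standing in for an encrypted payload."""
    d = Path(tempfile.mkdtemp(prefix="inf_sample_"))
    (d / "oem1.inf").write_text('[Version]\nSignature="$Windows NT$"\n')
    # Low-entropy stand-in for a normal precompiled INF.
    (d / "oem1.pnf").write_bytes(b"\x00" * 64 + b"precompiled inf placeholder" * 4)
    # Orphan (no netp306.inf) filled with random bytes -> high entropy.
    (d / "netp306.pnf").write_bytes(os.urandom(4096))
    return d


if __name__ == "__main__":
    sample = build_sample_dir()
    findings = scan_inf_dir(sample)
    print("orphaned .pnf files:", findings["orphaned"])
    print("high-entropy .pnf files:", findings["high_entropy"])
```

Both checks are heuristics, which is why the researchers ask for flagged files to be inspected by a professional: an orphaned or high-entropy .pnf can be a benign leftover from an uninstalled driver just as easily as a trace of malware. On a real system the directory to scan would be the Windows inf folder rather than the constructed sample directory.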

They added that the toolkit is simple to use and easy to analyse, and could be used in specialised environments such as critical infrastructure. The toolkit is released under the GPLv3 license. µ


Comments
GPL?

GPLV3 my ass. I can't find any source code, nor reach the team making it!

posted by: Den, 14 November 2011