The Laboratory of Cryptography and System Security (CrySyS) in Hungary identified Duqu, a very dangerous piece of malware, a couple of weeks back. It is similar to the Stuxnet malware, a nightmare for many Iranians, since reports at the time, based on the level and nature of the infections, suggested that its primary target was Iran's nuclear program. At present, however, it is hard to say whether Duqu was created with any specific interest the way the "industrial" Stuxnet malware was.
Anyway, security software giant BitDefender has already released a Duqu detection and removal tool, the first of its kind. Later, Microsoft announced a temporary fix for the menacing Duqu threat. We have reported both already and you can read about them below.
Now CrySyS, who identified and reported the Duqu threat first, has released a Duqu Detector Toolkit. You can use this free toolkit to find Duqu infections on a single computer or across a whole network. The toolkit combines signature-based and heuristic methods, and it can find traces of an infection even where the malware's components have already been removed from the system. You may remember that, just like Stuxnet, Duqu removes itself from an infected PC after a time limit.
How to Use Duqu Detector Toolkit
The toolkit contains 4 different executable components:
FindDuquSys.exe, CalcPNFEntropy.exe, FindDuquTmp.exe and FindPNFnoINF.exe. All of these programs can be executed directly from the command line. For your convenience, CrySyS also provides a batch file, FindDuqu.bat, which runs all four tools with the same log file parameter.
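To make the heuristic side of such a toolkit concrete, here is an added Python example that is not part of the CrySyS toolkit and does not reproduce its code. It assumes, from the tool names alone, that CalcPNFEntropy measures how random the bytes of .pnf files are (an encrypted payload stored as a .pnf would show near-maximal entropy, while a normal .pnf is a precompiled cache of a plain-text .inf) and that FindPNFnoINF lists .pnf files that have no .inf of the same name. The directory layout, file names and the 7.0 bits/byte threshold are all constructed for the demo.

```python
"""Two file-system heuristics in the spirit of CalcPNFEntropy / FindPNFnoINF.

Added illustration, not the CrySyS toolkit's own code. Assumptions:
- a high Shannon entropy of a .pnf file's bytes suggests encrypted content;
- a .pnf with no sibling .inf (same stem) is an orphan worth a closer look.
"""
import math
import os
import tempfile
from collections import Counter

# Assumed threshold: plain-text INF caches sit far below 7 bits/byte.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def orphan_pnf_files(inf_dir: str) -> list:
    """Names of .pnf files that have no .inf with the same stem (case-insensitive)."""
    names = os.listdir(inf_dir)
    inf_stems = {os.path.splitext(n)[0].lower() for n in names if n.lower().endswith(".inf")}
    return sorted(
        n for n in names
        if n.lower().endswith(".pnf") and os.path.splitext(n)[0].lower() not in inf_stems
    )


def high_entropy_pnf_files(inf_dir: str, threshold: float = ENTROPY_THRESHOLD) -> list:
    """(name, entropy) for every .pnf whose byte entropy reaches the threshold."""
    hits = []
    for n in sorted(os.listdir(inf_dir)):
        if not n.lower().endswith(".pnf"):
            continue
        with open(os.path.join(inf_dir, n), "rb") as f:
            h = shannon_entropy(f.read())
        if h >= threshold:
            hits.append((n, round(h, 2)))
    return hits


def build_demo_dir() -> str:
    """Construct a throwaway INF-like directory: one benign .inf/.pnf pair
    plus one orphan .pnf whose bytes cycle through all 256 values (a
    constructed stand-in for encrypted data, entropy exactly 8.0)."""
    d = tempfile.mkdtemp(prefix="pnf_demo_")
    text = "[Version]\nSignature=\"$Windows NT$\"\nClass=Net\n" * 20
    with open(os.path.join(d, "oem1.inf"), "w") as f:
        f.write(text)
    with open(os.path.join(d, "oem1.pnf"), "wb") as f:
        f.write(text.encode())
    with open(os.path.join(d, "orphan01.pnf"), "wb") as f:
        f.write(bytes(range(256)) * 16)
    return d


if __name__ == "__main__":
    demo = build_demo_dir()
    print("orphan .pnf files:", orphan_pnf_files(demo))
    print("high-entropy .pnf files:", high_entropy_pnf_files(demo))
```

Run it as-is and it reports the constructed orphan file under both heuristics; point `orphan_pnf_files` and `high_entropy_pnf_files` at a real INF directory to see what a benign baseline looks like. Entropy alone is only a lead, not a verdict: signed drivers and compressed resources also score high, which is why a toolkit pairs such heuristics with signature checks.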
P.S.: Kaspersky Lab announced that its security solutions are now capable of detecting and removing Duqu, which originates from a zero-day vulnerability in Windows. If you are using Kaspersky security solutions, just update the program.