پروژه هانی نت ایران

The lab that par­tic­i­pat­ed in the dis­cov­ery of the Duqu tro­jan has devel­oped a detec­tor toolk­it that can find Duqu infec­tions on a com­put­er or in a whole net­work. The toolk­it, released by the Lab­o­ra­to­ry of Cryp­tog­ra­phy and Sys­tem Secu­ri­ty (CrySyS), uses sig­na­ture and heuris­tics meth­ods to find traces of Duqu infec­tions even when bits of the mal­ware have already been removed from a PC.

The toolk­it search­es for a range of dif­fer­ent Duqu relat­ed sus­pi­cious files and known indi­ca­tors to detect the cur­rent or past pres­ence of the tro­jan. How­ev­er, as with all anom­aly detec­tion tools, it is pos­si­ble that it gen­er­ates false positives.

There­fore, pro­fes­sion­al per­son­nel is need­ed to elab­o­rate the result­ing log files of the tool and decide about fur­ther steps.

The toolk­it, which includes the source code, can be down­loaded from here

http://www.honeynet.ir/software/duqu/duqudetector-v1_02.zip