CrySyS Releases Duqu Detector
The lab that participated in the discovery of the Duqu trojan has developed a detector toolkit that can find Duqu infections on a computer or in a whole network. The toolkit, released by the Laboratory of Cryptography and System Security (CrySyS), uses signature and heuristics methods to find traces of Duqu infections even when bits of the malware have already been removed from a PC.
The toolkit searches for a range of different Duqu related suspicious files and known indicators to detect the current or past presence of the trojan. However, as with all anomaly detection tools, it is possible that it generates false positives.
Therefore, professional personnel is needed to elaborate the resulting log files of the tool and decide about further steps.
The toolkit, which includes the source code, can be downloaded from here
http://www.honeynet.ir/software/duqu/duqudetector-v1_02.zip
