Thursday, November 10, 2011

Open Source Duqu Malware Removal Toolkits And Software

Stuxnet and Duqu Malware have started a new wave of cyber crimes and cyber attacks. They are sophisticated Malware that cannot be the work of a random or averagely skilled cracker or cyber criminal. These Malware have been written by very sophisticated Malware writers.

Stuxnet and Duqu Malware have also affected Indian computer systems. For instance, it is believed that the Stuxnet Malware was responsible for destroying an Indian broadcasting satellite. Similarly, the command and control server of the Duqu Malware was also traced to India.

While India is presently investigating the Duqu Malware, it is clear that Indian nuclear facilities may not be cyber secure. There is an urgent need on the part of India to strengthen its cyber security capabilities in general and cyber warfare capabilities in particular. In the US, the Defense Advanced Research Projects Agency (DARPA) has been working hard to develop its cyber capabilities.

While India has not yet come up with solutions to fight Malware like Stuxnet and Duqu, the open source community has done a good job. A new scanning tool has been released by engineers at independent security testing firm NSS Labs that can be used to detect Duqu drivers installed on a system. The tool was developed with the goal of discovering any additional drivers and enabling researchers to learn more about the functionality, capabilities and ultimate purpose of the Duqu Malware.

Similarly, the Laboratory of Cryptography and System Security (CrySyS) in Hungary has released an open-source toolkit that can find traces of Duqu infections on computer networks. It contains signature- and heuristics-based methods that can find traces of Duqu infections even where components of the Malware have already been removed from the system. Duqu deactivates after a time limit and removes itself from the computer, but some temporary files could still indicate that the computer was affected by a former Duqu infection. The toolkit might identify these traces.

If you wish to analyse your computer or network for Duqu Malware, it is worth giving these tools a try.
