While the prodigal son of the Stuxnet worm has had people worrying for at least a few weeks now, it looks like there is now some line of defence available against it, in the form of the Duqu detection tool.
Created by the team behind the original detection of the worm, the Budapest-based Laboratory of Cryptography and System Security (CRYSYS), this new tool allows users and businesses to detect the infection on a single PC or across an entire network if necessary. Microsoft did release a workaround for people to protect themselves against the Duqu threat, but for anyone still worried, this detection tool should give peace of mind.
“We developed a detector toolkit that combines simple detection techniques to find Duqu infections on a computer or in a whole network,” explained the researchers.
“The toolkit contains signature and heuristics based methods and it is able to find traces of infections where components of the malware are already removed from the system.”
The tool can be downloaded here along with full documentation if necessary.
Hopefully Iran knows about this download link too, as late last night it was reported that the Stuxnet offspring had shown up in the country, where the original worm concentrated its attacks. The last word was that they had it under control, but security experts the world over will surely be keeping an eye on developments in the Middle Eastern nation.
The most recent report on the Duqu infection is that it might have been in development for several years. A driver found as part of the infection dated back to 2007. While this isn’t concrete proof, it does provide evidence to suggest that Duqu might have been the product of many years of work.