Instead of targeting military facilities, the new version is after civilian companies

Oct 20, 2011 11:37 GMT  ·  By

Bitdefender specialists came across a piece of malware which at first seemed to be nothing extraordinary, but upon further analysis turned out to be a descendant of the infamous Stuxnet that made all the headlines back in 2010.

According to MalwareCity, the malicious element called Win32.Duqu.A has a rootkit driver at its core that is designed to protect other nasty software against the defense mechanisms deployed by security applications installed on a system.

Even though some of Duqu's components closely resemble those found in Stuxnet, its purpose appears to be different. Instead of being a saboteur of military equipment, the new version is actually just a complex keylogger that mainly targets regular companies.

The researchers concluded that this probably results from the fact that its masters have changed in the meantime, as cybercriminals rarely switch their specialties. This is highly plausible, especially since the saboteur rootkit was reverse-engineered and posted online, which means the source was available to anyone with the necessary know-how.

Unfortunately for the hackers and luckily for us, because elements of Stuxnet are found in the latest variant, the threat will be easily detected by all the security products currently available.

“Any variant of a known e-threat would likely end up caught by generic routines, so the general approach is 'hit once, then dispose of the code',” revealed Bogdan Botezatu from Bitdefender.

Because of Duqu's defense mechanisms, getting rid of it might not be the easiest task, so make sure you have a fully functional anti-virus program with an up-to-date virus definition database. Also, be careful about the links you click on and the websites you visit, as drive-by attacks are not uncommon these days.

Rootkit.Duqu.A Removal Tool is available for download here.