Julius Inigo MIS 304 November 10, 2011 Duqu Detector Toolkit Julius Inigo MIS 304 November 10, 2011

Overview What is Duqu? How does Duqu work? Detection Tools

What is Duqu It is computer worm First discovered September 1, 2011 Steals digital certificates and information Removes itself after 36 days

How does Duqu work?

Detection Tools The Duqu Detector Toolkit v1.01 NSS Labs’ tool Microsoft?

References http://www.zdnet.com/blog/security/open- source-duqu-detector-toolkit- released/9790?tag=mantle_skin;content http://www.pcworld.com/businesscenter/arti cle/243555/opensource_toolkit_tracks_down _duqu_infections.html http://en.wikipedia.org/wiki/Duqu http://www.infoworld.com/d/security/open- source-toolkit-tracks-down-duqu-malware- 178622

Questions?