Duqu, also known as Duqu 2.0, W32.Duqu and W32.Duqu.B, is classified as a collection of malware found in September 2011 by a security team from the Budapest University of Technology and Economics. It is a sophisticated threat that has even hit Kaspersky Lab. Duqu 2.0 is even meaner and more refined than its previous version and has intelligence-gathering modules targeted at telecommunication operators around the world. Duqu 2.0 may be called a sophisticated cyber-espionage platform.
Malware researchers classify it as a remote access Trojan (RAT) that executes intelligence-gathering attacks in the information security, telecoms and electronics sectors.
A similar threat built on a platform of numerous modules is the Regin malware.
Duqu 2.0 General Description
Even though worms and Trojan horses are different types of malicious software, both of them can install a backdoor on a computer. Once installed, a RAT such as Duqu provides cybercriminals with indefinite access to the infected endpoints. Duqu is designed to harvest sensitive data and transfer it to its creators via C&C (Command & Control) servers. Attackers may aim at obtaining confidential information about the targeted company and its products and services. Previous targets of the Duqu malware include several telecom operators and electronic equipment manufacturers based in Europe, North Africa, and South East Asia. Other countries that have been targeted by Duqu’s creators are the USA, UK, India, and Hong Kong.
The term Duqu, according to Wikipedia, may refer to:
- Duqu malware – a variety of software components that provide malicious services to cybercriminals, such as information-stealing capabilities, kernel drivers, and injection tools.
- Duqu flaw – a flaw in Microsoft Windows that malicious files use to execute the malware components of Duqu. Presently, one flaw is known: a TTF-related problem in win32k.sys.
- Operation Duqu – the process of using Duqu for unknown and potentially harmful goals. The process is considered related to Operation Stuxnet.
Duqu 2.0 Distribution Technique
Being a computer worm, Duqu does not contain any code, so it doesn’t have to drop its malicious files onto the system. However, it can still sneak into the PC and stay on the disk. It may have entered the system through spam emails and illegal software versions. Duqu is particularly harmful to companies because it can exploit security vulnerabilities. Enterprise computers should have a powerful anti-malware solution that guards their systems against information stealers.
Duqu 2.0 Removal Options
A trustworthy anti-malware program will detect and delete Duqu 2.0. Since worms such as Duqu persist in the system indefinitely and do not attach to existing programs, manual removal is not regarded as an option.
Keep in mind that once a system has been infected by Duqu 2.0, it can be re-infected even after the system is rebooted. Luckily, to avoid future attacks by Duqu, anti-malware giants Symantec and Kaspersky have added immediate detection in the hope of stopping any new Duqu activity.