Anyone have a copy of this new malware that was discovered last week?

Edited October 19, 201113 yr by PaperBall

binaries have not been made public yet, afaik, as they are still analyzing it in greater detail.

the symantec whitepaper can be found here

/>http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf

THere is supposed to be a 2x page attachment (the inital analysis), but i can only see the 14p symantec analysis...

http://www.kernelmode.info/forum/viewtopic.php?f=16&t=1210

http://www.kernelmode.info/forum/viewtopic.php?f=16&t=1210

I hope there are no moral issues with me attaching them here...?

If so, please let me know...

drivers.rar

pass: malware

c9a31ea148232b201fe7cb7db5c75f5e.zip

pass: infected

c9a31ea148232b201fe7cb7db5c75f5e.zip

drivers.rar

I hope there are no moral issues with me attaching them here...?

If so, please let me know...

No... it's ok! enjoy!

Regards

c9a31ea148232b201fe7cb7db5c75f5e not dropper

http://www.securelist.com/en/blog/208193182/The_Mystery_of_Duqu_Part_One

It's an industrial rootkit..The PLC payload and leaked PKI usage is all that is really unique. It Does some DKOM and stuff with tables, or at least it did when I looked at the last one.

I'm not going to use what little time I have to re-analyse anything

Win32/Duqu: It’s A Date

http://blog.eset.com/2011/10/25/win32duqu-it%e2%80%99s-a-date

http://blog.eset.com/2011/10/28/win32duqu-analysis-the-rpc-edition