Duqu: Analysis, Detection, and Lessons Learned
A European company sought the authors' help to investigate a security incident that occurred in their IT system. During the investigation, they discovered a new malware sample that was unknown to all mainstream anti-virus products; however, it showed striking similarities to the infamous Stuxnet worm. They named the new malware Duqu, and they carried out its first analysis. Their findings led to the hypothesis that Duqu was probably created by the same people who developed Stuxnet, but with a different purpose: unlike Stuxnet, whose mission was to attack industrial equipment, Duqu is an information-stealing rootkit.