Tech Terminology Demystified – Duqu Trojan

Duqu is a remote access trojan (RAT) designed to steal data from the computers it infects.

Duqu seems to have been designed to steal information from vendors of industrial control systems. It is an intelligence-gathering agent.

The Duqu trojan is composed of several files that work together. The first component is a Windows kernel driver that searches for and loads encrypted dynamic link library (DLL) files. Once decrypted, the DLL files implement the main payload of Duqu, which is a remote access trojan (RAT). The RAT allows an adversary to gather information from a compromised computer and to download and run additional programs.

In addition to the RAT, another piece of malware was recovered with Duqu in one instance. This malware is an information stealer designed to log user keystrokes and other information about the infected system. It is believed to be related to Duqu because of programming similarities with the main Duqu executables.
