Friday 11 November 2011

Duqu Malware Detection Tool


The Free Duqu Detector Toolkit comes from the CrySyS Lab at the Budapest University of Technology and Economics, which was the first group to discover Duqu, as well as to discover a dropper file (installer) for Duqu that offered additional clues into how the malware would have infected computers and spread. Notably, the installer recovered by CrySyS was a malicious Word document (.doc) file, although security researchers said the malware may have been spread through other means as well.
CrySyS said its toolkit, which consists of four command-line components, intentionally includes "very simple, easy-to-analyze program source code. To check that there is no backdoor or malicious code inside." That way, potential users can audit the source code themselves before running it in sensitive or highly specialized environments, rather than having to trust an opaque binary.
To date, Microsoft has detailed a workaround for the zero-day vulnerability that researchers unearthed in the Duqu dropper: a font parsing flaw (CVE-2011-3402) in the kernel-mode TrueType font engine (win32k.sys), which affects supported 32-bit and 64-bit versions of Windows alike. Because the exploit is triggered by a malformed embedded font inside the Word document, it lets the dropper gain kernel privileges and install Duqu without the user doing anything beyond opening the file. But Microsoft has yet to issue a patch that fixes the flaw exploited by Duqu.
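The workaround referred to above is the one Microsoft published in Security Advisory 2639658: deny all access to t2embed.dll, the library applications use to load embedded fonts, so that a booby-trapped font in a document never reaches the kernel parser. The script below is an added example written for this post, not code from the original article or from CrySyS; it transcribes the advisory's commands and adds a check. Run it from an elevated command prompt.

```batch
@echo off
REM Mitigation for the Duqu TrueType zero-day (Microsoft Security Advisory 2639658):
REM deny Everyone all access to t2embed.dll so applications cannot hand an
REM embedded TrueType font to the kernel-mode font parser in win32k.sys.
REM "echo y|" answers the confirmation prompt cacls asks before editing the ACL.

REM Native copy of the library (32-bit on x86 Windows, 64-bit on x64 Windows)
echo y| cacls "%windir%\system32\t2embed.dll" /E /P everyone:N

REM On x64 Windows the 32-bit copy used by WOW64 applications (e.g. 32-bit Office)
REM must be denied as well, otherwise the workaround only covers 64-bit processes.
if exist "%windir%\syswow64\t2embed.dll" (
    echo y| cacls "%windir%\syswow64\t2embed.dll" /E /P everyone:N
)

REM Verify: the listing should now show an explicit deny entry for Everyone.
icacls "%windir%\system32\t2embed.dll"
if exist "%windir%\syswow64\t2embed.dll" icacls "%windir%\syswow64\t2embed.dll"
```

Caveat: while the deny entry is in place, applications that rely on embedded fonts (Word documents, some PDF viewers, Office Online content) will render those fonts incorrectly, so treat this as a stop-gap until the fix ships. To undo it, remove the Everyone entry with `cacls "%windir%\system32\t2embed.dll" /E /R everyone` (and the same for the syswow64 copy).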

