Duqu (W32.Duqu)

Duqu is a remote access Trojan (RAT) that steals data from computers it infects. Duqu has been targeted at industrial equipment manufacturers, illegally collecting information about the manufacturer’s systems and other proprietary data.

The Duqu Trojan contains some of the same source code used by the Stuxnet Trojan, which was designed to disrupt industrial processes. Duqu and Stuxnet use a similar kernel driver to decrypt and load encrypted dynamic load library (DLL) files, enabling the Trojan to inject itself into system processes.

Some security researchers believe that Duqu could be a precursor for attacks against supervisory control and data acquisition (SCADA) systems. SCADA systems are used in infrastructure services such as gas, electric, water and sewer. 

Duqu was discovered by the Laboratory of Cryptography and Systems Security (CrySys) at Budapest University.

This was last updated in November 2011

Continue Reading About Duqu (W32.Duqu)

Dig Deeper on Threats and vulnerabilities