DUQU may have been developed by the same cybercriminals who created STUXNET, given the similarities in their code and routines. However, unlike STUXNET, DUQU's payload does not include connecting to SCADA systems.
DUQU is made up of the following components:
- RTKT_DUQU.A, a SYS file
- Two encrypted DLL components
These components work together to enable DUQU to connect with its C&C server to download other files. The main component is the RTKT_DUQU.A file.
One of its downloaded files is the information stealer detected as TROJ_SHADOW.AF.
Below are Trend Micro solutions to protect yourself from the malware:
|Smart Pattern Detection