As recently communicated via the SCADASec forum, Microsoft and others have made available anti-virus signature updates for the W32.Duqu trojan, covering at least three variants. The links below are to the Microsoft Malware Protection Center, and provide some useful background information:
Of particular interest are the details in the Variant "C" summary, which identifies the IP address used for the C&C server: 206.183.111.97, registered to WebWerks India Pvt. in Mumbai. This should not lead you to believe that the attackers originate within India, but rather that this site could be used as a proxy.
Bob Radvanovsky also provided a link which highlights the updates of a large number of AV vendors relating to Duqu. This list is available by clicking here.
thnx