Symantec Finds New Duqu Malware Variant
The new Duqu driver is called mcd9x86.sys.
Symantec researchers recently uncovered a new version of the Duqu malware.
"Researchers from Symantec announced the discovery of a new Duqu driver, the component responsible for loading the malware's encrypted body, on Monday via Twitter," writes PCWorld's Lucian Constantin. "The driver is called mcd9x86.sys and was compiled on Feb. 23, said Vikram Thakur, principal security response manager at Symantec."
"The source code of the new driver has been reshuffled and compiled with a different set of options than those used in previous versions," Constantin writes. "It also contains a different subroutine for decrypting the configuration block and loading the malware's body."
Go to "Researchers Discover New Duqu Variant That Tries to Evade Antivirus Detection" to read the details.