Symantec has published a study of a new threat called Duqu. Main components and modules are shown below.
Highlights from the Symantec report:
- The threat was written by the same authors.
- Duqu’s purpose is to gather intelligence data and assets from entities such as industrial infrastructure and system manufacturers, amongst others, in order to more easily conduct a future attack against another third party.
- The attackers used Duqu to install another infostealer that can record keystrokes and collect other system information.
- Duqu uses HTTP and HTTPS to communicate with a command and control (C&C) server.
It is also worth looking at another study by SecureWorks.