Duuzer is a backdoor detected by Symantec’s researchers, targeting mostly the manufacturing industry in South Korea. The researchers classified this newly discovered threat as advanced, working on both 32 and 64 bit machines. It is capable of:
- Allowing full access to the filesystem, including the ability to copy files to and from the victim’s machine
- Executing new processes
- Gathering basic system fingerprinting information
Although it is currently unclear how the malware was delivered to the targets, Symantec’s researchers suspect that it was by either spear-phishing or watering-hole attack.
This kind of attack is very different from the more common and less sophisticated banking Trojans and ransomware. It goes hand-in-hand with extensive intelligence collection and “tailor-made” attack tools.
Prevention
We executed a Duuzer sample in a Windows 7 x64 machine running Minerva Anti-Evasion Platform.
This threat which successfully evaded detection for at least a couple of months was prevented immediately.
Duuzer is a classic case of the threats Minerva prevents – highly advanced malware, unknown to traditional AV and heavily fortified against analysis.
Want to see us in action? Request a demo!
Minerva – don’t chase, PREVENT!