Thursday, April 19, 2012

Win32/Duqu analysis: the RPC edition

My Russian colleagues Aleksandr Matrosov and Eugene Rodionov have found a bit of time to do a bit more investigation on Win32/Duqu. (Don't you guys sleep?) In the previous write-up (http://blog.eset.com/2011/10/25/win32duqu-it%e2%80%99s-a-date) they concentrated on analyzing the Duqu configuration file format and extracting the exact date on which the system was infected. This time they investigated Duqu's RPC (Remote ...
