Zero-day Windows bug blamed for Duqu virus infections

Leeky

Leeky

Posts: 3,357   +116

Microsoft is on the hot seat over a previously unknown bug in its Windows operating system that's being exploited to infect computers with the Duqu virus, piped by some experts to be the next big cyber threat. The Duqu virus was discovered last month, but at the time security specialists were still investigating how it worked and how it arrived on computers. It was later found to be a sibling of the Stuxnet worm that crippled an Iranian nuclear fuel plant last year.

In a statement on their website, Symantec said, "we contacted Microsoft regarding the vulnerability and they're working diligently towards issuing a patch and advisory. When the file is opened, malicious code executes and installs the main Duqu binaries. The chart below explains how the exploit in the Word document file leads to the installation of Duqu."

microsoft duqu software infection duqu virus

Symantec has confirmed that the virus is very close to the Stuxnet worm and even shares some of its source code. The Duqu virus was designed to gather industrial control system data, including engineer's keystrokes, which it compiles for further use in an attack later on. The security firm found the installer file is a Microsoft Word Document (.doc) that exploits a previously unknown kernel vulnerability allowing code execution.

Infected Word documents were worded in such a way as to definitively target the intended receiving organization, according to researchers. No workarounds currently exist for those infected with the virus. "Once Duqu is able to get a foothold in an organisation through the zero-day exploit, the attackers can command it to spread to other computers," Symantec wrote.

So far, Duqu appears to have infected approximately six organizations in France, Netherlands, Switzerland, Ukraine, as well as India, Iran, Sudan and Vietnam. Other security vendors have reported infections in Austria, Hungary, Indonesia, Iran (with different infections to those reported by Symantec) and the UK.

Microsoft acknowledged the problem with its security response team posting the following statement on Twitter: "we are working to address a vulnerability believed to be connected to the Duqu malware."

Permalink to story.

https://www.techspot.com/news/46109-zero-day-windows-bug-blamed-for-duqu-virus-infections.html

 
anyone notice how China never gets hit with these corporate and national level attacks.. rest of the world needs to grow some balls and take these chinese to task.. hard,firewall the whole country.
 
The US and European countries prefer to stick to more legal types of gathering information and ways that are much less traceable. Anything you put on a hard drive stays there unless you melt the hard drive in a furnace at 10,000 degrees (F). You could always use one of those eraser programs, but you can obviously tell something was wiped then, showing an intrusion was made.
 
Oh yeah, time to make the big $$$ off frantic end users scared shitless about the Duqu virus.
 
More like MS loses money from having a critical exploit that allows code execution in their damn word processing program.
 
Guest said:
anyone notice how China never gets hit with these corporate and national level attacks.. rest of the world needs to grow some balls and take these chinese to task.. hard,firewall the whole country.
Click to expand...
it must be nice to see the world in such a blissfully simple way. If anything, America needs to get off its *** and try to catch up with China in terms of IT expertise.
 
example1013 said:
More like MS loses money from having a critical exploit that allows code execution in their damn word processing program.
Click to expand...
I was thinking the same thing :/
 
Win7Dev said:
The US and European countries prefer to stick to more legal types of gathering information and ways that are much less traceable. Anything you put on a hard drive stays there unless you melt the hard drive in a furnace at 10,000 degrees (F). You could always use one of those eraser programs, but you can obviously tell something was wiped then, showing an intrusion was made.
Click to expand...

Partially true, i.e. they prefer to remain 'less traceable' if not entirely 'un-traceable'. I don't buy that argument that no western country get involved in such practices, simply because they wouldn't want to get caught by surprise or something.
 
I agree, we should put a strong checks for known malware, hacking countries and allow only legitimate traffic. If a hacking is found, ban those IPs and penalize the countries for their failure.
 
Win7Dev said:
Anything you put on a hard drive stays there unless you melt the hard drive in a furnace at 10,000 degrees (F).
Click to expand...
This is quite simply a myth propagated (obviously quite successfully) by certain unscrupulous companies wishing to profit from unnecessary data shredding and "multiple pass" disk wiping shitware utilities.

If you do a simple zero fill of a hard disk, or use the manufacturer's free utility to perform a low level format, the data is gone for good. It doesn't really matter who you call, whether it's the FBI, CIA, MI6 or Ghostbusters, the data is not coming back, because you have changed every 1 to a 0. There is no subliminal or residual data layer, if there were, hard disk manufacturers would have exploited it decades ago to create multi layer discs with vastly larger capacities. Zero fill is enough.
 
You must log in or register to reply here.

Similar threads

A
GPT-4 can exploit zero-day security vulnerabilities all by itself, a new study finds
Replies
9
Views
132
jpvalverde85
J
A
Microsoft left a kernel-level, zero-day bug in Windows for six months before patching it
Replies
9
Views
240
LimyG
LimyG
A
WordPress plugin vulnerability poses severe security risk, allows for site takeovers
Replies
1
Views
31
Vanderlinde
V

Latest posts

Back