Security Bytes

Nov 1 2011   11:11PM GMT

Windows zero-day flaw used in Duqu attacks

Marcia Savage

Security researchers said Tuesday the Duqu Trojan used a Word document that exploits a Microsoft zero-day vulnerability in order to infect computers. Microsoft said it’s working to address the flaw.

Researchers at the Laboratory of Cryptography and System Security (CrySys) in Budapest, Hungary, uncovered the installer file, the Word document, which Symantec researchers said exploits a previously unknown kernel vulnerability. Symantec issued a report last month that detailed the similarities between Duqu and the notorious Stuxnet malware. Designed to steal data, Duqu was discovered on the systems of industrial component manufacturers.

In an email statement, Jerry Bryant, group manager of response communications for Microsoft Trustworthy Computing, said, “Microsoft is collaborating with our partners to provide protections for a vulnerability used in targeted attempts to infect computers with the Duqu malware. We are working diligently to address this issue and will release a security update for customers through our security bulletin process.”

According to Symantec, the Word document was designed to target specific organizations. Symantec researchers noted that this installer is the only one recovered to date; attackers may have used other methods to spread Duqu. There are no robust workarounds but most security vendors already detect and block the main Duqu files, Symantec said in a blog post Tuesday.

The number of confirmed Duqu infections remains limited, but infections have been confirmed in six possible organizations in eight countries, including France, India, and Iran, according to Symantec.

According to Reuters, computer investigators in India have seized the computer equipment believed to have hosted the command-and-control server connected to Duqu.
