
Duqu spreads using zero-day Word exploit, researchers warn

Alarm grows as Microsoft works on patch


The unsettling mystery of the would-be Stuxnet malware ‘Duqu’ has deepened with the discovery that it is spread using a zero-day exploit in a Microsoft Word document.

The University of Budapest security lab that first discovered Duqu has finally tracked down the installer it uses, which turns out to function as part of a targeted attack against unknown organisations, Symantec has reported.

According to the lab’s analysis, Duqu would have activated in an eight-day August window during which it appears to have been directed to spread across SMB shares, an obsolete Microsoft networking protocol used before the days of Active Directory.

Symantec said it had confirmed infections in only a handful of countries, including Iran, India, Vietnam, Sudan, France, Switzerland, Ukraine and The Netherlands.

Finding the installer is critical because it helps piece together the malware’s full design, principally the method it has been using to infect targets.

Not all companies agree that Duqu has any direct connection to the Stuxnet malware that has so perplexed security watchers since its appearance in 2010. Earlier this week, Dell SecureWorks published its own analysis that rated the commonalities between the two as more likely to be coincidence.

That was before the installer file was discovered, however, which at the very least raises the possibility that Duqu is more than just another clever piece of malware on the hunt for profitable victims.

“Exploitation of a kernel-level vulnerability allows the exploit code to run with ultimate privileges, enabling Duqu to have greater capabilities and better evade detection,” said Zscaler ThreatLabZ senior security researcher Mike Geide, spelling out Duqu’s menace.

“For example, key logging code could be embedded into a keyboard device driver and operating system functions could be patched to hide or ignore any of Duqu’s processes or files.”

Microsoft is believed to be working on a fix for the Word zero-day flaw, which could be only one of the possible methods the malware uses to attack its victims. It is not clear how soon this patch will turn up, but it is likely to receive an enthusiastic welcome despite many security products already being able to spot the current W32.Duqu.

Symantec has produced a detailed white paper for admins interested in learning more about the malware, including how to spot it on a network.
