Nasty "Duqu" Worm Exploits Same Microsoft Office Bug as Stuxnet
November 2, 2011 12:32 PM
comment(s) - last by
No, not THAT Dooku, it's the Duqu worm.
(Source: LucasFilm, Ltd.)
Customers are at high risk after a gaping hole was found in MSO's security
If you just received a Word document from a colleague, don't open it until you verify they
sent it. A new worm is sweeping the globe and it hides inside innocent-looking Word documents, waiting to strike via a hitherto unknown vulnerability.
I. Duqu Worm Taps Microsoft Vulnerability, Proliferates
The "Duqu" worm is currently sweeping corporate networks worldwide, seeking to infect as many machines as possible in what appears to be an effort to target power plants, oil refineries and pipelines.
Microsoft Corp. (
) revealed this week that Duqu uses similar code to
the Stuxnet worm
crippled Iranian nuclear power computer systems
in 2010. Many have voiced suspicions that U.S. defense or intelligence agencies were behind Stuxnet, but it appears extreme unlikely that the U.S. government had anything to do with Duqu. In fact, Duqu appears to be targeting U.S. allies.
The worm exploits a hitherto-unknown zero-day flaw in Microsoft Office and the Windows operating system. When the victim receives and opens an infected Word document -- which appears entirely normal -- the worm installs itself on their machines and takes control of the system.
The worm then proceeds to propogate, by opening your contacts lists in programs like Thunderbird and Outlook and then emailing all of your contacts infected documents.
The Duqu worm exploits a previously unknown vulnerability to execute malicious shellcode and gain system access in a sophisticated cyberespionage effort [Source: Symantec]
Microsoft would only comment, "We are working diligently to address this issue and will release a security update for customers."
A Knowledge Base (KB) page on the worm can be found
. It lists the worm's threat level as "severe".
II. Worm Targets U.S. Allies
Symantec Corp. (
) is among the firms tracking Duqu. Interestingly, they make some statements about the worm's origin which seemingly exonerate the U.S. from Stuxnet suspicions. Symantec states that the Duqu authors must have either been given code by the Stuxnet authors, have stolen the code from the Stuxnet authors, or
themselves the Stuxnet authors.
Symantec's Kevin Haley
, "We believe it is the latter."
The sophistication of this worm suggests that if the U.S. didn't have a hand in crafting it, that China or Russia perhaps did. A command and control server was found to be hosted in Belgium, but it's rather unlikely that the attackers chose their home nation to host the attacking platform.
a cyber-superpower and notorious aggressor
-- is thought to maintain a repository of unpublished vulnerabilities on platforms such as Windows, Linux, and OS X, waiting to exploit them when the need arises.
Nine international organizations have found their systems compromised. The compromised nations in these victim organizations are:
Organization A - France, Netherlands, Switzerland, Ukraine
Organization B - India
Organization C - Iran
Organization D - Iran
Organization E - Sudan
Organization F - Vietnam
Other researchers report that systems in the United Kingdom, Austria, Hungary, and Indonesia were infected.
This article is over a month old, voting and posting comments is disabled
11/2/2011 3:52:40 PM
"...someone told them I was a #@# rapper, but they don't know that I'm a #@#$@ gapper. "
"Well, there may be a reason why they call them 'Mac' trucks! Windows machines will not be trucks." -- Microsoft CEO Steve Ballmer
U.S. Suspects Chinese Involvement in Satellite Hacks; China Denies Accusations
October 31, 2011, 12:06 PM
Iran Say it Has Captured "Western Spies" Involved in Nuclear Cyberattack
October 5, 2010, 11:29 AM
Israel Suspected in Worm Sabotage of Iran's First Nuclear Plant
September 27, 2010, 10:45 AM
Chris Poole Retires From Role as 4Chan After a Decade of Success, Struggles
January 23, 2015, 1:45 PM
Study Shows People are Dumb as Ever With Passwords, Still Using "123456"
January 20, 2015, 3:19 PM
Site for "Glitter as a Service" Mail Pranks, ShipYourEnemiesGlitter, Launches
January 13, 2015, 2:22 PM
OS X Yosemite Compromises Security by Retrieving Embedded Email Images
January 13, 2015, 11:30 AM
ISIS JIhadi From NZ Accidentally Shares Location on Twitter, Outs Cohorts in Selfie
January 3, 2015, 11:35 PM
Amazon's Kindle Fire HDX 8.9 Drops to $299 (30 Percent Off) for a Day
December 22, 2014, 10:57 AM
Most Popular Articles
Microsoft Shows Off Latest Windows 10 Build, Preps it for Next Week Release
January 21, 2015, 2:57 PM
IDC: 2014 Sales Show PC Isn't Dead, But Desktop May be Dying
January 19, 2015, 1:50 PM
Police are Using New Handheld Radar Sensors to Peer Into Houses w/out Warrant
January 20, 2015, 1:35 PM
Great Expectations: The Rise and Fall of Google Glass Explorer Edition
January 16, 2015, 1:14 AM
Report: HTC One M9 (2015) is Tied to Under Armour-Powered HTC Smartwatch
January 19, 2015, 11:10 AM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information