Wednesday, November 02, 2011
Duqu Installer Exploited Windows Zero-Day to Infect Systems


Microsoft said hackers exploited a bug in its Windows operating system to infect computers with the Duqu virus, which some security experts say could be the next big cyber threat.

Microsoft plans to release a security update for the issue.

According to Symantec, the attackers behind Duqu used a Microsoft Windows zero-day as part of their attack campaign. Researchers at the Laboratory of Cryptography and System Security (CrySyS) - the group that initially discovered the original Duqu binaries - have located an installer for the malware. The installer file is a malicious Microsoft Word document that exploits a previously unknown kernel vulnerability that allows code execution.

"When the file is opened, malicious code executes and installs the main Duqu binaries," blogged Vikram Thakur, principal security response manager at Symantec.

"The Word document was crafted in such a way as to definitively target the intended receiving organization," he added. "This installer is the only installer to have been recovered at the time of writing; the attackers may have used other methods of infection in different organizations."

Unfortunately, no robust workarounds exist at this time other than following best practices, such as avoiding documents from unknown parties and utilizing alternative software. Fortunately, most security vendors already detect and block the main Duqu files, thereby preventing the attack.

Once Duqu is able to get a foothold in an organization through the zero-day exploit, the attackers can command it to spread to other computers. According to Symantec, evidence was found that showed the attackers commanding Duqu to spread across SMB shares. Interestingly though, some of the newly infected computers did not have the ability to connect to the Internet, and therefore could not reach the command-and-control (C&C) server. The Duqu configuration files on these computers were instead configured not to communicate directly with the C&C server, but to use a file-sharing C&C protocol with another compromised computer that did have the ability to connect to the C&C server. Consequently, Duqu creates a bridge between the network's internal servers and the C&C server. This allowed the attackers to access Duqu infections in secure zones with the help of computers outside the secure zone being used as proxies.
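The relay arrangement described above has a network-level signature a defender can look for: a host in a zone with no Internet access that exchanges SMB traffic with an internal peer which itself talks to external addresses. The script below is an added illustration written for this article, not code from Symantec, CrySyS or CDRINFO, and it runs over a handful of constructed flow records; the address ranges, the "secure zone" prefix and the flow tuples are all assumptions chosen for the example.

```python
"""Heuristic for the Duqu-style relay pattern: a secure-zone host with no
Internet egress talks over SMB to an internal peer that does reach outside.

Added example on constructed data; not the code of any vendor named above.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed assumptions: the whole internal network, and the subnet that
# is supposed to have no direct Internet access (the "secure zone").
INTERNAL = [ip_network("10.0.0.0/8")]
SECURE_ZONE = ip_network("10.10.0.0/16")
SMB_PORTS = {139, 445}

# Constructed flow records: (source, destination, destination port, bytes)
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.20.3.7", 445, 48_000),    # secure-zone host <-> peer over SMB
    ("10.20.3.7", "10.10.1.5", 445, 12_000),    # reply direction of the same exchange
    ("10.20.3.7", "203.0.113.9", 443, 90_000),  # that peer also reaches an external host
    ("10.10.1.8", "10.10.1.20", 445, 2_000),    # SMB confined to the secure zone: ignore
    ("10.20.3.11", "198.51.100.4", 80, 5_000),  # ordinary egress with no secure-zone SMB
    ("10.10.1.5", "10.20.3.7", 445, 3_000),     # another SMB flow of the suspicious pair
]


def is_internal(addr):
    """True when the address falls inside one of the internal prefixes."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL)


def find_relay_candidates(flows):
    """Return (secure_host, peer, smb_flow_count, external_dst_count) tuples.

    A pair is reported when a secure-zone host exchanges SMB traffic (either
    direction) with an internal host outside the zone, and that outside host
    has at least one flow to a non-internal destination.
    """
    # Internal hosts that talk to external addresses, with the set of targets.
    external_dsts = defaultdict(set)
    for src, dst, _port, _nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            external_dsts[src].add(dst)

    # SMB flows crossing the secure-zone boundary, keyed (secure_host, peer).
    smb_pairs = defaultdict(int)
    for src, dst, port, _nbytes in flows:
        if port not in SMB_PORTS:
            continue
        s, d = ip_address(src), ip_address(dst)
        if s in SECURE_ZONE and is_internal(dst) and d not in SECURE_ZONE:
            smb_pairs[(src, dst)] += 1
        elif d in SECURE_ZONE and is_internal(src) and s not in SECURE_ZONE:
            smb_pairs[(dst, src)] += 1

    results = []
    for (secure_host, peer), count in smb_pairs.items():
        if peer in external_dsts:
            results.append((secure_host, peer, count, len(external_dsts[peer])))
    return sorted(results)


if __name__ == "__main__":
    for secure_host, peer, smb_count, ext_count in find_relay_candidates(SAMPLE_FLOWS):
        print(f"{secure_host} <-SMB-> {peer}: {smb_count} SMB flows, "
              f"peer reaches {ext_count} external destination(s)")
```

On the constructed records the only pair reported is 10.10.1.5 and 10.20.3.7: SMB between the secure zone and the rest of the network is common in many environments, so the heuristic only becomes useful when combined with the egress check on the peer, and in practice it would be fed from real flow or firewall logs rather than the inline sample.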

So far, the damage done by Duqu remains limited. According to Symantec, six organizations are believed to have been infected with the malware. Some of the organizations are only traceable back to an ISP, so it is possible all six are not separate organizations. The targets identified so far by Symantec have a presence in eight countries: France, India, Iran, Vietnam, Sudan, Netherlands, Ukraine and Switzerland. Other security vendors however have reported infections in other countries as well, including Hungary, Austria and the U.K.
