New Duqu virus linked to Microsoft Word Documents

Nov 04, 2011 by Bob Yirka

A new virus has cropped up in various countries across the world, and its target appears to be corporate networks. The Duqu virus, first noted last month by a laboratory at Budapest University, has now been spotted in several other countries and appears to be sent via Microsoft Word documents attached to emails. Microsoft has announced that it is working on a fix.

The point of the virus seems to be to gather corporate information and then send it to some as-yet-unknown site. Thus, it’s a form of corporate espionage. Chillingly, researchers at Symantec, the giant antivirus company, say it looks like some of the code in the virus is the same as was found in the Stuxnet virus that wreaked havoc on Iran’s nuclear program, indicating that the perpetrators were either able to obtain the code from that virus or are the same people.

The virus is activated when a person to whom an infected Word document was sent opens it. The virus infects that computer, then seeks out other computers through the corporate network. As it goes, it collects data and then apparently seeks a path out to the Internet, where it can send the data it’s collected to a predefined destination. Thus far it has relied on a so-called zero-day exploit to take advantage of a previously unknown weakness in the Windows kernel, which means getting in and doing its dirty work before victims have a chance to come up with a means of defense against it.

Thus far, it appears that the virus has been targeted at specific types of companies, as the data-collecting part of the virus seems to seek out information pertaining to industrial control systems. So it’s likely that whoever unleashed the virus did so in hopes of gaining information on how companies are designing and manufacturing their products; not something the average person would need to worry about, but still enough to cause concern about the growing sophistication of computer viruses.

So far, instances of the virus have been seen in Iran, India, France, Ukraine, the UK and at least eight other countries that have not been specifically identified.


User comments : 9


aliasvinu
not rated yet Nov 04, 2011
another tragedy..
MadLintElf
5 / 5 (2) Nov 04, 2011
The next war will be fought on the internet, not on the ground. When they said information was king, and equally valuable as money they were right.

Stuxnet was only the beginning of our "Brave new World".

Cheers,

Bill
sherriffwoody
not rated yet Nov 04, 2011
Imagine how cool software and the internet could be if it wasn't for the a&& holes.
la7dfa
5 / 5 (2) Nov 04, 2011
Imagine how cool software and the internet could be if it wasn't for the a&& holes.


We actually depend on someone challenging the software.
Just like our body needs to exercise the immune system.
Otherwise we would be wide open for attacks.
MadLintElf
not rated yet Nov 04, 2011
Yep, security by obscurity only worked in the 70's.
Jotaf
5 / 5 (3) Nov 04, 2011
The real tragedy is how a professional writer inserts commas arbitrarily in the middle of sentences...
Vendicar_Decarian
2 / 5 (4) Nov 05, 2011
Israel with the probable assistance of the U.S. was the origin of Stuxnet which targeted the Iranian Nuclear enrichment program.

Either Israel or the U.S. are now complicit in this corporate espionage attack on their allies in Europe and elsewhere, or as I said at the time of the Stuxnet attack, the Stuxnet software would be reverse engineered and used against western interests.

In any case, Israel with the probable assistance of the U.S. are ultimately responsible for this latest virus as they wrote much of the code for the existing infection.

Remember. Vendicar is almost always right, and Israel is the
enemy of all moral, thinking people.
Osiris1
1 / 5 (1) Nov 05, 2011
'Duqu'....as in 'Count DooKoo' the 'Sith' (reverse last two letters and wadda u get) Lord from Star Wars?? Maybe 'da Farce'////awww da 'Force' can defeat it. Where is Luke Swampwater when ya needs him.
Vendicar_Decarian
1 / 5 (2) Nov 05, 2011
Luke died from Antarian Anal Ringworm back in the Duvonian period.

Components of his light saber are on display at the Harkonen public trust building 128 Bertan street on the planet of Guidi prime.

Admission 1428*10**-23 Ningies