by Marcia Savage
Security researchers said Tuesday the Duqu Trojan used a Word document that exploits a Microsoft zero-day vulnerability in order to infect computers. Microsoft said it’s working to address the flaw.
Researchers at the Laboratory of Cryptography and System Security (CrySys) in Budapest, Hungary, uncovered the installer file, the Word document, which Symantec researchers said exploits a previously unknown kernel vulnerability. Symantec issued a report last month that detailed the similarities between Duqu and the notorious Stuxnet malware. Designed to steal data, Duqu was discovered on the systems of industrial component manufacturers.
In an email statement, Jerry Bryant, group manager of response communications for Microsoft Trustworthy Computing, said, “Microsoft is collaborating with our partners to provide protections for a vulnerability used in targeted attempts to infect computers with the Duqu malware. We are working diligently to address this issue and will release a security update for customers through our security bulletin process.”
According to Symantec, the Word document was designed to target specific organizations. Symantec researchers noted that this installer is the only one recovered to date; attackers may have used other methods to spread Duqu. There are no robust workarounds but most security vendors already detect and block the main Duqu files, Symantec said in a blog post Tuesday.
The number of confirmed Duqu infections remains limited, but infections have been confirmed in six possible organizations in eight countries, including France, India, and Iran, according to Symantec.
According to Reuters, computer investigators in India have seized the computer equipment believed to have hosted the command-and-control server connected to Duqu.
by Robert Westervelt
Computer equipment from a data center in Mumbai has been seized as part of an investigation into the Duqu Trojan, which shares code with the notorious Stuxnet worm.
Reuters has reported that computer investigators in India have seized the computer equipment that is believed to have hosted the command-and-control server connected to the Duqu Trojan.
Investigators from India’s Department of Information Technology traced the malware communications to a server at a web-hosting company called Web Werks, according to two workers at the firm. The investigators took several hard drives and other components from a server, Reuters said.
Symantec Corp. issued a report last month detailing how the Duqu Trojan is closely linked to the Stuxnet worm. The authors of the malware are believed to have had access to the Stuxnet source code. Unlike Stuxnet, which is intended to seek out Siemens supervisory control and data acquisition (SCADA) software and disrupt industrial processes, Duqu was designed to steal data. Duqu was discovered on the systems of industrial component manufacturers.
Once a system is infected with Duqu, additional malware is downloaded to record keystrokes and steal other details about the infected system. It can take screenshots, record network information and explore files on all drives, including removable drives.
Security researchers don’t know how the malware spreads. They are seeking the installer, which will yield clues as to how systems are initially infected. Currently, antivirus and antimalware engines can detect the Trojan.
The Dell SecureWorks Counter Threat Unit issued a Duqu report last week calling much of the early Duqu analysis “pure speculation.” Many of the techniques used by Duqu share characteristics with Stuxnet, but they have also been used in other, unrelated malware, the CTU research team said. Still, Symantec said its binary analysis of the Duqu code concluded that the two pieces of malware share the same code base.
Posted by InfoSec News on Nov 01: http://www.theregister.co.uk/2011/10/26/fbi_secure_internet/
Posted by InfoSec News on Nov 01: http://www.computerworld.com/s/article/9221335/_Nitro_hackers_use_stock_malware_to_steal_chemical_defense_secrets
Posted by InfoSec News on Nov 01: http://news.techworld.com/security/3314579/duqu-not-created-by-authors-of-stuxnet-worm-says-security-company/
Posted by InfoSec News on Nov 01: http://www.canberratimes.com.au/news/local/news/crime-and-law/denied-no-bail-for-atm-hacker/2342608.aspx
Posted by InfoSec News on Nov 01: http://www.startribune.com/business/132825938.html