The spread of the Duqu virus was aided by previously unknown vulnerabilities in Microsoft Word, a security team has discovered.
Security firm Symantec announced that Duqu, thought by some to be created by those responsible for the Stuxnet virus, has been using holes in Word documents to sneak into systems, according to the findings of a Hungarian team.
The CrySyS team at Budapest University, which originally made the discovery of Duqu, managed to get its hands on an installer for the virus, shedding light on how it got onto systems.
The installer file is a Word document that uses a zero-day exploit for a previously unknown kernel vulnerability, which allows code execution, according to Symantec.
When the file is opened up, malicious code is then able to install the “main Duqu binaries”.
A red-faced Microsoft is said to be working towards releasing a patch and advisory for the zero-day threat.
Symantec pointed out that the installer is the only one known at the moment and that there may well be other versions which vary. However, it was highlighted that most security vendors will protect against Duqu files.
It was also reported that appearances of Duqu have been confirmed in eight countries, though instances of infection are still limited.
Six organisations have been targeted. One organisation has seen attacks in France, the Netherlands, Switzerland and the Ukraine. The other organisations have seen attacks in India, Sudan, Vietnam, as well as two firms in Iran, where Stuxnet made high-profile attacks on nuclear facilities last year.
Other security vendors have also reported attacks in Austria, Hungary, Indonesia and the UK.
More and more ambitious attacks directed at infrastructure appear to be becoming the norm. This week a Chinese hacker was connected to 48 attacks aimed at chemical and defence organisations, as industrial espionage through cyber means escalates.
A cyber security conference was held in London yesterday headed up by Foreign Secretary William Hague, who talked of the dangers that are growing on the internet. This followed comments from GCHQ spy Iain Lobban about the rise of “disturbing” threat levels.