Microsoft said hackers exploited a zero-day bug in its Windows operating system to infect computers with the Duqu virus.
News of Duqu surfaced in October when security software maker Symantec said it had found a computer virus that contained code similar to Stuxnet, malware believed to have wreaked havoc on Iran’s nuclear program.
Details on how Duqu got onto infected machines emerged for the first time as Microsoft disclosed its link to the infection.
“Microsoft is collaborating with our partners to provide protections for a vulnerability used in targeted attempts to infect computers with the Duqu malware,” Microsoft communications manager Jerry Bryant said. “We are working diligently to address this issue and will release a security update for customers through our security bulletin process.”
We are working diligently to address this issue and will release a security update for customers through our security bulletin process
Symantec researchers said they believe hackers sent the virus to targeted victims via emails with tainted Microsoft Word documents attached.
If a recipient opened the Word document and infected the PC, the attacker could take control of the machine and reach into an organisation’s network to propagate itself and hunt for data, Symantec researcher Kevin Haley said.
He said some of the source code used in Duqu was also used in Stuxnet, a cyber weapon believed to have crippled centrifuges that Iran uses to enrich uranium.
That suggests that the attackers behind Stuxnet either gave that code to the developers of Duqu, allowed it to be stolen, or are the same people who built Duqu, Haley said. “We believe it is the latter,” he said.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
