According to a recent report the Duqu trojan has been spread with the help of infected Microsoft Word documents. The research says the Trojan exploits a vulnerability in Word files which makes it possible to modify a computers protection in their favour. Duqu infections are confirmed in eight countries and suspected in four others including the UK.
Crysys (The Laboratory of Cryptography and Systems Security) analysed forensics data of suspect files and in at least one case has obtained proof that a file contained a Duqu installer and used a Zero Day Exploit (ZDE). Crysys believe that it is possible that Duqu is also spread by other means, however they do not have evidence to confirm this.
Speak Like a Geek - A zero-day exploit refers to a computer threat making use of a previously unknown software error that will enable a hostile hacker to gain permissions they should not have.- -
Cavalry on the way
Microsoft have said they are aware of the issue and are currently preparing a software patch to deal with it. "Microsoft is working with our partners to provide protections for a vulnerability used in targeted attempts to infect computers with the Duqu malware," a company statement said. "We will be providing a security update for customers through our update process."
Targeted attacks on the rise
This is the latest exploit in a new wave of targeted attacks that include last years Stuxnet worm and the PoisonIvy Trojan that ealier this week was reported to have targeted a number of chemical companies. Stuxnet appeared to be after control of industrial systems and Duqu could be designed to send back information from industrial control systems.
This is a worrying trend and Commercial and Industrial espionage are thought to be the motive behind this type of attacks but as yet, despite some media claims, no-one has been able to trace the source of any of the attacks.
CM
No comments:
Post a Comment