Researchers discover zero-day Windows exploit in Duqu virus (they aren't after your computer)

DainBramaged, Donating Member (1000+ posts), Wed Nov-02-11 10:43 AM
Original message
Hungarian researchers have discovered a previously unknown Windows kernel vulnerability that is used by the installer for Duqu, the Stuxnet-like Trojan first detected in October. The researchers at the Laboratory of Cryptography and System Security at Budapest University of Technology and Economics (CrySyS), who were the first to discover the Duqu virus, have reported the vulnerability to Microsoft and other organizations, and a patch is in development.

According to a Symantec analysis of the exploit, Duqu’s installer was delivered to target systems embedded in a seemingly legitimate Microsoft Word document. When the document is opened, the installer embedded in the document is activated and executes Windows shellcode to install the malware’s .DLL and driver file on the system by hijacking Windows’ service control manager.

The shell code discovered in the Duqu worm by CrySyS was written to only allow installation of the virus during an eight-day period in August. Once the virus is installed, it can spread to other computers over networked file shares, and connect back to a command-and-control network over the Internet. Researchers found that when the virus infects systems not directly connected to the Internet, it uses a file-sharing protocol to connect with computers that have Internet access to form a relay back to the command and control network.

So far, confirmed Duqu infections have been reported in France, the Netherlands, Switzerland, the UK, Ukraine, Austria, Hungary, Iran, Sudan, Vietnam and Indonesia. The virus communicated with servers in Belgium, which have been shut down. But it’s unknown if the virus has since been modified and used for other attacks.


http://arstechnica.com/business/news/2011/11/researchers-discover-zero-day-windows-exploit-in-duqu-virus.ars

A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or the software developer. Zero-day exploits (actual software that uses a security hole to carry out an attack) are used or shared by attackers before the developer of the target software knows about the vulnerability.

The term derives from the age of the exploit. A "zero day" attack occurs on or before the first or "zeroth" day of developer awareness, meaning the developer has not had any opportunity to distribute a security fix to users of the software.

http://en.wikipedia.org/wiki/Zero-day_attack
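The quoted article says Duqu's installer registered its driver through the Windows service control manager. On a Windows host, every service the SCM registers writes System-log event 7045 ("A service was installed in the system") naming the service, its image path and its type, which gives a defender a concrete thing to watch for. The script below is an added example, not code from the Ars Technica article, the CrySyS or Symantec analyses, or the poster: it scans a handful of constructed log lines in a simplified key=value rendering of that event and flags kernel-driver registrations whose image sits outside the normal drivers directory, plus any service image placed in a user-writable location. The line format, service names and paths are assumptions made for the demo and are not Duqu indicators.

```python
"""Added example (not from the article or the forum post): flag suspicious
Windows service installations from a text export of System-log event 7045.

Assumptions: each log line is one event rendered as key=value pairs, with
values containing spaces wrapped in double quotes; service names and paths
below are constructed for the demo and are not real Duqu indicators.
"""
import re
from dataclasses import dataclass

# Constructed sample lines (not a real log). Two kernel drivers are
# registered from Temp / Users, and one user-mode service from ProgramData.
SAMPLE_LOG = """\
EventID=7045 ServiceName=wuauserv ServiceFileName="C:\\Windows\\System32\\svchost.exe -k netsvcs" ServiceType="user mode service"
EventID=7045 ServiceName=vmhgfs ServiceFileName="C:\\Windows\\System32\\drivers\\vmhgfs.sys" ServiceType="kernel mode driver"
EventID=7045 ServiceName=drva ServiceFileName="C:\\Windows\\Temp\\drva.sys" ServiceType="kernel mode driver"
EventID=7036 ServiceName=drva State=running
EventID=7045 ServiceName=drvb ServiceFileName="C:\\Users\\Public\\drvb.sys" ServiceType="kernel mode driver"
EventID=7045 ServiceName=updsvc ServiceFileName="C:\\ProgramData\\upd\\updsvc.exe" ServiceType="user mode service"
"""

# key=value pairs; a value is either "quoted text" or a run of non-spaces.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Where a legitimately installed kernel driver is expected to live, and
# directories an unprivileged process can usually write to (assumed list).
EXPECTED_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
USER_WRITABLE = ("c:\\windows\\temp\\", "c:\\users\\", "c:\\programdata\\")


@dataclass
class Finding:
    service: str
    image: str
    reason: str


def parse_event(line: str) -> dict:
    """Turn one key=value log line into a dict of string fields."""
    fields = {}
    for key, quoted, bare in KV_RE.findall(line):
        fields[key] = quoted if quoted else bare
    return fields


def image_path(file_name: str) -> str:
    """Strip trailing arguments (e.g. '-k netsvcs') and normalise case.

    The image is taken as everything up to the first .sys/.exe/.dll
    extension; anything after it is treated as command-line arguments.
    """
    m = re.match(r"(.*?\.(?:sys|exe|dll))", file_name, re.IGNORECASE)
    return (m.group(1) if m else file_name).lower()


def suspicious_installs(log_text: str) -> list:
    """Return a Finding for each 7045 event that looks like a rogue install."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev.get("EventID") != "7045":
            continue  # only service-installation events matter here
        svc = ev.get("ServiceName", "?")
        path = image_path(ev.get("ServiceFileName", ""))
        stype = ev.get("ServiceType", "").lower()
        if "kernel" in stype and not path.startswith(EXPECTED_DRIVER_DIR):
            findings.append(Finding(svc, path,
                "kernel driver registered from outside the drivers directory"))
        elif path.startswith(USER_WRITABLE):
            findings.append(Finding(svc, path,
                "service image in a user-writable location"))
    return findings


if __name__ == "__main__":
    for f in suspicious_installs(SAMPLE_LOG):
        print(f"{f.service}: {f.image} ({f.reason})")
```

On a real host the same check can be run over the System log exported with Get-WinEvent; the point of the first rule is that a kernel driver loading from Temp or a user profile is rare enough in normal operation to be worth an alert on its own, independent of any signature for a particular sample.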