Security 10816 Published by

Malware exploits Microsoft Windows kernel zero-day vulnerability. Installer file is a Word document.



From InformationWeek:
Until Microsoft patches the zero-day vulnerability, there's no surefire safeguard against this type of attack. "Unfortunately, no robust workarounds exist at this time other than following best practices, such as avoiding documents from unknown parties and utilizing alternative software," said Thakur. "Fortunately, most security vendors already detect and block the main Duqu files, thereby preventing the attack."

Researchers have also found that Duqu also has the alarming ability to infect and control computers that aren't connected to the Internet. "In one organization, evidence was found that showed the attackers commanding Duqu to spread across SMB shares," said Thakur. "Interestingly though, some of the newly infected computers did not have the ability to connect to the Internet and thereby the command-and-control (C&C) server. The Duqu configuration files on these computers were instead configured not to communicate directly with the C&C server, but to use a file-sharing C&C protocol with another compromised computer that had the ability to connect to the C&C server.
  Duqu Malware: Still No Patch