Viral Update
Category: Bugs / Virus
Posted: November 4, 2011 05:07PM
For the second viral update we will be focusing on the Duqu Trojan. An installer for the malware was found by Hungarian research firm CrySyS and has been analyzed by Symantec. A computer can be infected by a Microsoft Word document that exploits a kernel vulnerability. Once infected, a computer will attempt to spread the virus throughout its network, including to computers without a direct Internet connection. Duqu seems to be targeting corporations and is stealing information, possibly to create another Stuxnet-like worm. This speculation and several similarities in the code of Duqu and Stuxnet lead the Symantec researchers to believe both pieces of malware were written by the same people.
Microsoft has been made aware of the virus and will issue a patch as soon as it can. The server Duqu appeared to be contacting has also been taken offline. As there is no work-around or removal strategy for this virus yet, the best strategy is diligence and not opening files from unknown sources.
Most other viruses found recently are less worrying and of low risk.