According to a new report, Duqu, a computer worm first detected late last month, may be using a hole in the Windows operating system to spread from machine to machine. Over at Symantec, Vikram Thakur identifies the Duqu installer file as a simple Word document, which, once downloaded, allows the Duqu worm to wiggle its way deep into your hard drive.
"The installer file is a Microsoft Word document (.doc) that exploits a previously unknown kernel vulnerability that allows code execution," Thakur wrote yesterday on the Symantec site. "We contacted Microsoft regarding the vulnerability and they're working diligently towards issuing a patch and advisory. When the file is opened, malicious code executes and installs the main Duqu binaries."
Translation: Open the file, and lose control of your machine. Thakur says that Duqu infections have been reported by six unnamed organizations in eight countries, including France, the Netherlands, Switzerland, India, and Ukraine. Meanwhile, security vendors in the United Kingdom have also reported possible Duqu infections. Duqu, Reuters notes today, may be the "next big cyber threat."
Of top concern to many security analysts is the similarity between Duqu and Stuxnet, a 2010 bug that targeted industrial computer networks. Speaking to Reuters, Symantec researcher Kevin Haley said that Duqu and Stuxnet share source code, an indication that the same group that created Stuxnet may have created Duqu, too.
So what can you do to avoid Duqu? Well, for one, don't open Word docs sent from unfamiliar email addresses. "Unfortunately," Thakur writes, "no robust workarounds exist at this time other than following best practices, such as avoiding documents from unknown parties and utilizing alternative software. Fortunately, most security vendors already detect and block the main Duqu files, thereby preventing the attack."
Better update your security software regularly.