Greg's Bite: Duqu Trojan uses MS Word

By Greg Mills

To a hacker, an unpatched zero-day vulnerability is extremely valuable and never frivolously wasted. The Duqu worm seems to have used an unknown Windows vulnerability just to get information for a future attack from "secure" computer networks. No money was stolen. That whoever wrote the worm was more interested in information than money says a lot about who might be behind the project.

Microsoft is working on patching the rare kernel vulnerability as quickly as possible. The recently discovered Duqu worm, which only infects Microsoft Word documents (.doc files) and then uses a vulnerability in the very kernel of the Windows PC OS to do its dirty work, is very well written.

Based upon similarities and the sophistication of the newly discovered malware, Duqu appears to have been written by the same group that launched Stuxnet last year. No one took credit for Stuxnet, but Israel and the US were widely blamed. Stuxnet set Iran back quite a while in its sinister nuclear weapons development program.

While Stuxnet appeared to be a very narrowly defined attack, actually taking over certain Iranian machines and screwing them up, the Duqu worm seems more of an information-gathering bit of malware. For a very informative and educational article on this new worm, see: http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-d...

The worm seems to have been focused on a number of third world countries, specifically Iran, India, Sudan, Vietnam and France. Infected computers are able to spread the infection using a number of methods to overcome the isolation of secure computer networks which are not connected through the internet. Infected computers reported to a server (77.241.93.160), hosted in Belgium, until they pulled the plug. There certainly is a backup plan for Duqu.

Macs are unaffected by the Microsoft OS kernel attack, but might be able to forward infected Microsoft Word documents. Avoiding Windows and Word seems to be the best defense. I always tell my daughter to wash her hands carefully after touching a Windows PC.

That is Greg's Bite.

 

All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.