Microsoft Corp has said hackers have exploited a previously unknown bug in its Windows operating system to infect computers with the Duqu virus, which some security experts say could be the next big cyber threat.
“We are working diligently to address this issue and will release a security update for customers,” Microsoft said on Tuesday in a short statement.
News of Duqu surfaced in October when security software maker Symantec Corp said it had found a mysterious computer virus that contained code similar to Stuxnet, a piece of malicious software believed to have wreaked havoc on Iran’s nuclear program.
Meanwhile Indian authorities seized computer equipment from a data center in Mumbai as part of an investigation into the malware.
Two workers at a web-hosting company called Web Werks told Reuters that officials from India’s Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu.
Details on how Duqu got onto infected machines emerged for the first time on Tuesday as Microsoft disclosed its link to the infection. Separately, Symantec researchers said they believe hackers sent the virus to targeted victims via emails with tainted Microsoft Word documents attached.
If a recipient opened the Word document and infected the PC, the attacker could take control of the machine and reach into an organization’s network to propagate itself and hunt for data, Symantec researcher Kevin Haley told Reuters.
He said some of the source code used in Duqu was also used in Stuxnet, a cyber weapon believed to have crippled centrifuges that Iran uses to enrich uranium. That suggests that the attackers behind Stuxnet either gave that code to the developers of Duqu, allowed it to be stolen, or are the same people who built Duqu, Haley said.
“We believe it is the latter,” he said.
Oct 20, 2014
Oct 20, 2014