{"id":17324,"date":"2011-11-22T16:13:17","date_gmt":"2011-11-22T06:13:17","guid":{"rendered":"http:\/\/power-up.space\/?p=17324"},"modified":"2011-11-22T16:13:17","modified_gmt":"2011-11-22T06:13:17","slug":"kaspersky-lab-launches-e-mail-%e2%80%98hotline%e2%80%99-for-duqu-victims","status":"publish","type":"post","link":"https:\/\/www.impulsegamer.com\/wordpress\/?p=17324","title":{"rendered":"Kaspersky Lab Launches E-mail \u2018Hotline\u2019 for Duqu Victims"},"content":{"rendered":"<p>The recent outbreak of the Duqu Trojan, a sibling of the infamous Stuxnet industrial malware, has become yet another example of a highly sophisticated cybercriminal act. The analysis carried out by Kaspersky Lab\u2019s experts has proven that Duqu was used as a weapon for targeted attacks on certain businesses; as such, every single Duqu infection is no mere accident. In a move to aid Duqu analysis and treatment, Kaspersky Lab has set up a special e-mail address which companies and individuals can use to contact the company\u2019s experts and request help in investigating an infection with Duqu.<\/p>\n<p>The <a href=\"mailto:stopduqu@kaspersky.com\">stopduqu@kaspersky.com<\/a> e-mail is a digital hotline for those who may discover a Duqu infection on their PC. It is important to understand that the \u201cremediate and forget\u201d approach does not work for Duqu. Any infection attempt signals that it was important for cybercriminals to gain control over a certain system, so there\u2019d be a high chance of repeated attacks using various other methods. By contacting Kaspersky Lab, businesses and individuals can ensure the safety of their sensitive data.<\/p>\n<p>The recent Duqu-related discoveries by Kaspersky Lab\u2019s experts have <a href=\"http:\/\/www.kaspersky.com\/about\/news\/virus\/2011\/Kaspersky_Lab_Continues_Its_Duqu_Investigation_From_Jason_Bourne_to_Dexter\">revealed<\/a> its method of infection, which was previously unknown. 
It turns out that the Trojan\u2019s penetration method made use of carefully tailored socially-engineered e-mails. These e-mails contain a Word .doc file that exploits a zero-day <a href=\"http:\/\/www.kaspersky.com\/about\/news\/product\/2011\/Kaspersky_Lab_Protects_Against_Duqu-originated_Zero-day_Vulnerability_in_Windows\">vulnerability<\/a> in Microsoft Windows\u2019 font-parsing engine. Although the permanent fix for this vulnerability is yet to be released by Microsoft, Kaspersky Lab\u2019s security products already detect and block the exploits using this security hole as well as all known modifications of Duqu itself.<\/p>\n<p>In the latest update on Duqu analysis, the Trojan\u2019s driver \u2013 the first component to be loaded in the system \u2013 is described. The method of how it contacts the command and control server is also revealed, as well as the fact that the payload DLL \u2013 another component of Duqu \u2013 is able to connect to network shares and even become a control server for other machines. Kaspersky Lab\u2019s experts will continue their analysis of the complex structure of the payload, which has, among other features, a special functionality for stealing sensitive data.<\/p>\n<p>Detailed results of the Duqu analysis update are available <a href=\"http:\/\/www.securelist.com\/en\/blog\/606\/The_Mystery_of_Duqu_Part_Five\">here<\/a> at Securelist.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The recent outbreak of the Duqu Trojan, a sibling of the infamous Stuxnet industrial malware, has become yet another example of a highly sophisticated cybercriminal act. 
The analysis carried out by Kaspersky Lab\u2019s experts has proven that Duqu was used as a weapon for targeted attacks on certain businesses; as such, every single Duqu infection<\/p>\n<p class=\"more-link\"><a href=\"https:\/\/www.impulsegamer.com\/wordpress\/?p=17324\">Read More\u2026<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-17324","post","type-post","status-publish","format-standard","hentry","category-game-news"],"_links":{"self":[{"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/17324","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=17324"}],"version-history":[{"count":1,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/17324\/revisions"}],"predecessor-version":[{"id":17326,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/17324\/revisions\/17326"}],"wp:attachment":[{"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=17324"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=17324"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.impulsegamer.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=17324"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}