Skip to main content

Duqu Exploiting Zero-day Vulnerability in Windows Kernel

Symantec announced recently that a zero-day vulnerability is being exploited by the Duqu trojan to infect systems.

A month ago, a Hungarian research firm named CrySys found out about the Duqu Trojan, and since has been able to recognise a file which is being used to infect systems reported a blog post published by Symantec (opens in new tab).

The file actually happens to be an installer and it comes in the form of a malicious Microsoft Word document designed to exploit the "zero-day code execution" vulnerability present in Windows kernel.

Symantec revealed about the compromised system saying that, "When the file is opened, malicious code executes and installs the main Duqu binaries".

Further, the security firm stated that since the malicious Word document appears as a recovered installer, it points towards the possibility that it has been specifically developed for targeting organisation.

Symantec also said that the file was designed with the purpose of installing Duqu during the specified eight-day window in the month of August.

For the zero-day vulnerability no possible solution has been developed yet and the recovered installer is one of the many installers that have been used to spread the Duqu Trojan.

Ravi Mandalia

Ravi Mandalla was ITProPortal's Sub Editor (and a contributing writer) for two years from 2011. Based in Ahmedabad, India, Ravi is now the owner and founder of Parity Media Pvt. Ltd., a news and media company, which specializes in online publishing, technology news and analysis, reviews, web site traffic growth, web site UI. Ravi lists his specialist subjects as: Enterprise, IT, Technology, Gadgets, Business, High Net Worth Individuals, Online Publishing, Advertising, Marketing, Social Media, News, Reviews, Audio, Video, and Multi-Media. He has also previously worked as Dy. Manager - IT Security at (n)Code Solutions.