Duqu Exploiting Zero-day Vulnerability in Windows Kernel

Symantec announced recently that a zero-day vulnerability is being exploited by the Duqu trojan to infect systems.

According to a blog post published by Symantec, the Hungarian research lab CrySyS discovered the Duqu Trojan a month ago and has since been able to identify a file that is being used to infect systems.

The file is in fact an installer, delivered as a malicious Microsoft Word document designed to exploit a zero-day code-execution vulnerability in the Windows kernel.

Describing how systems are compromised, Symantec said: "When the file is opened, malicious code executes and installs the main Duqu binaries".

Further, the security firm stated that the recovered installer (the malicious Word document) appears to have been developed specifically for the organisation it targeted.

Symantec also said that the file was designed to install Duqu only during a specific eight-day window in August.

No fix for the zero-day vulnerability is available yet, and the recovered installer is only one of the many installers that have been used to spread the Duqu Trojan.