10 stories
today

Newer version of Duqu virus discovered, attackers are still at it

Not that long ago, Microsoft revealed that hackers had exploited a previously unknown bug in Windows to infect computers with the Duqu virus, which was developed by hackers to lay the groundwork for attacks on critical infrastructurs. Now, a new version of the virus has been discovered.

The security group Symantec was recently tipped off to a file that turned out to be a new version of W32.Duqu. This new version has not been in the wild that long as it was compiled on February 23, 2012. A test of the code reveled that it would evade some security product detections, but was only partially successful. Symantec received a small part of the overall attack code and the company is continually monitoring for related components and newer versions.

“Although we do not have all of the information regarding this infection, the emergence of this new file does show that the attackers are still active. Without the other components of the attack it is impossible to say whether any new developments have been added to the code since we last saw a release from the group in November 2011,” Symantec added. This Duqu version is pretending to be a Microsoft class driver.

The threat of Duqu originally surfaced in October of this year when security firm Symantec discovered a mysterious computer virus that contained code similar to Stuxnet, a piece of malicious software believed to have wreaked havoc on Iran’s nuclear program.

Microsoft disclosed its connection to the infection by disclosing how the virus is targeted to victims via emails containing tainted Microsoft Word documents. Once opened, the victim’s computer would be infected and the attacker would be able to take control of the machine and wreak havoc on the organization’s network.

No word on whether Windows is at risk again or if this threat is as critical as the original. More on this as it develops.

Further reading: ,