Hackers have constantly been using word documents for infecting several machines. But according to Microsoft, hackers have lately misused a bug that was previously unknown in Windows operating system for infecting systems with Duqu virus. Moreover, this virus has also been deemed as the ‘Next Big Cyber-Threat’ by experts.
In a statement given to the newscasters some years ago, Microsoft said that professionals are working diligently to address this issue and they will soon release a security update for the customers. Security software maker, Symantec, in October released the news stating that they have analyzed a cryptic new computer virus discovered by independent researchers. This virus contained a code that was analogous to Stuxnet, which is a piece of malicious software assumed to have inflicted havoc on Iran’s nuclear program. However, this complex cyber-espionage actor has returned.
Unlocking Secrets Behind Duqu
As per the early analysis done by government and some private investigators for unlocking the secrets behind this cyber peril, Duqu was developed by sophisticated hackers in order to facilitate the groundwork for attacks on critical infrastructure including power plants, oil refineries and pipelines. Senior vice president of McAfee Labs in a statement mentioned that virus was actually an initial step in laying the ground for possible attacks onto critical infrastructure. He also added that security companies would take a few weeks to begin with detecting infections in various computer systems around the world.
What Researchers Had to Say Then???
Microsoft disclosed its link to the infection this week and this revealed some details about how Duqu got onto the machines. However, Symantec researchers believe that hackers send this virus only to some targeted victims through emails along with contaminated Microsoft Word documents attached with it. If the recipient opens the Word document, his PC gets infected and this is how the attacker takes control of the machine. Symantec researcher, Kevin Haley told reporters that hackers, with the help of this virus can easily reach into the network of an organization for propagating themselves and for hunting data.
Kevin also told that some of the source code used in Duqu was even used in Stuxnet. This is actually a cyber-weapon which crippled centrifuges that Iran typically used for enriching uranium. This clearly indicates that Stuxnet attackers may have given the code to the Duqu developers or it may have been stolen or they are the same hackers. Some security experts even claim that Duqu was written by the same people as Stuxnet.
Also Read : Best Cloud Antivirus In 2018
Head of Bitdefender Online Threats Lab in a statement said that although Duqu rootkit has been attributed to Stuxnet gang, but we still believe the two e-threats are completely unrelated. He added that as of now, Stuxnet had been successfully reverse-engineered and its code is also published online, which is serving as a source of encouragement for other cyber-criminal gangs. Moreover, the code is also serving as open source for virus community, thereby adding million dollars in value to virus community’s R&D.
What About Duqu 2.0?
Duqu 2.0 has targeted the security giant Kaspersky Labs. It is being called as the most advanced cyber security malware that has ever been created by security researchers.
Kaspersky states “Once the attackers gained domain administrator privileges, they can use these permissions to infect other computers in the domain. To infect other computers in the domain, the attackers use few different strategies. In most of the attacks we monitored, they prepare Microsoft Windows Installer Packages (MSI) and then deploy them remotely to other machines. In addition to creating services to infect other computers in the LAN, attackers can also use the Task Scheduler to start “msiexec.exe” remotely. The usage of Task Scheduler during Duqu infections for lateral movement was also observed with the 2011 version and was described by Symantec in their technical analysis.”
Duqu 2.0 has used number of zero-day vulnerabilities. Here are some of them: –
- CVE-2014-6324;
- CVE-2014-4148;
- CVE-2015-2360;
It has targeted western firms and other organizations located in the Middle East and Asia.
The C&C IPs that has been identified are: –
186.226.56.103
182.253.220.29
Kaspersky has already gathered data about the attacks configured by Duqu 2.0. They have found out that the attacks have been carried out by the infamous Equation group. Again, they have attacked more than 30 countries in different sectors: –
- Aerospace
- Energy
- Governments and diplomatic institutions
- Nuclear research
- Telecommunication
- Military
- Transportation
- Financial institutions
- Oil and gas
- Mass media
- Nanotechnology
- Companies developing cryptographic technologies
Duqu 2.0 has been declared as the most sophisticated malware ever seen by Kaspersky Labs. however, they had begun an internal audit, which will help them stop such breaches.
Must Read : Essential Tips To Avoid Computer Viruses
Quick Reaction:
Leave a Reply