(LiveHacking.Com) – It has been discovered that the new Duqu trojan (which is thought to be related to Stuxnet) infects PCs by exploiting a zero-day vulnerability in the Windows kernel, delivered via a specially crafted Microsoft Word file.
Duqu, which was spotted in the wild a little under two weeks ago, has components that are nearly identical to those of Stuxnet, but its payload is not designed to sabotage industrial control systems; instead it gives the attackers remote access to the infected machine through a command-and-control (C&C) server.
Although analysis of the malware shows no code related to industrial control systems, the executables have been found in organizations involved in the manufacturing of industrial control systems.
It is important to underline that the vulnerability used by Duqu is in Windows itself and not in Word. The crafted Word document is only the delivery mechanism; any other route that feeds attacker-controlled content to the vulnerable kernel code could be used to exploit the same flaw, so patching or mitigating the underlying Windows vulnerability, not just hardening Word, is what closes the hole.
“We are working diligently to address this issue and will release a security update for customers,” Microsoft said on Tuesday in a short Twitter statement.
Exploitation of zero-day vulnerabilities in Windows by malware is not that common. Microsoft’s recent Security Intelligence Report (SIR) showed that none of the malware infections cleaned by the Malicious Software Removal Tool (MSRT) used zero-day exploits.