Saturday, November 12, 2011

'Duqu' sounds like a cute robot, right? Time to know about this deadly computer virus!

Well, it most certainly is NOT. According to security firm Symantec, Duqu is a precursor to the next Stuxnet virus. That could mean big trouble in government and industrial security-land. In a message released yesterday, the company revealed that Duqu code had been found in a handful of European industrial control companies. The program is a kind of scout that hackers send in to find vulnerabilities in a system, log keystrokes, and steal passwords. After a successful scout mission, a Stuxnet-like virus can then be deployed. Researchers at Symantec are pretty confident that whoever launched Duqu has firsthand knowledge of and access to Stuxnet because some of the code is identical. Duqu is so covert that it's programmed to snoop around for 36 days and then remove itself, so there's actually no telling how many systems may have been affected.

Microsoft has released further information on a recently disclosed hole in the Windows kernel that is being exploited by the Duqu worm. The company says that the hole is contained in the Win32k TrueType font parsing engine. Attackers can exploit this security vulnerability to execute arbitrary code in kernel mode.

In a security advisory, Microsoft describes a workaround that allows users to protect themselves. To make it easy for customers to install, the company has also set up a Fix-it support page that offers a one-click tool for the workaround. Both solutions prevent the system from accessing the vulnerable T2embed.dll file.

Microsoft is still working on a security update. However, the company said that the update will not be ready in time for its upcoming monthly patch day, known as Patch Tuesday, next week. On the Microsoft Security Response Center's official blog, company spokesperson Jerry Bryant said that this is because the risk for users is low.

Microsoft has also announced that it will release four security bulletins, one of which is rated as critical, on this month's Patch Tuesday, 8 November. The updates will address remote code execution, privilege escalation and denial-of-service (DoS) vulnerabilities in Windows, and will require users to restart their systems.