Since the media has made a huge hype about this, I thought I’d clear up to my readers what Duqu is and how it affects you.
Duqu, also commonly referred to as the ‘son of Stuxnet’, is a Remote Access Trojan that uses a zero-day vulnerability in Microsoft Word to infect a machine. Once dropped on the system, Duqu’s primary task is to stealthily gather data, including logging keystrokes, making it a prime tool for cyberwarfare. However, Duqu is unique in that it was likely developed over several years and its primary method of distribution is through e-mail.
Specifically, Duqu is more likely used to target higher profile targets, such as large companies, from which it can steal data. Microsoft said they “see low customer impact at this time,” which makes sense if Duqu was indeed a targeted attack.
Here are a few tips for those who suspect they are vulnerable:
- While Microsoft has not issued a full patch just yet, it is important to know that a workaround exists. Simply click on the Suggested Actions menu.
- Scan all e-mail attachments you try to open with both anti-virus and anti-malware software. This should automatically be done if you have licensed versions of both products.
- The e-mails can be forged to look like they came from somebody else in the company. If you weren’t expecting an e-mail or the attachment looks fishy, err on the side of caution and ask if the attachment is indeed legitimate.
Note that these types of attacks are common and it is good practice to always follow the steps above.