Date: 2011-12-12

* Microsoft says working to fix bug, issue update
* Symantec says virus delivered via tainted Word document
* Details emerge as experts race to unlock Duqu secrets

Nov 1 Microsoft Corp said hackers
exploited a previously unknown bug in its Windows operating
system to infect computers with the Duqu virus, which some
security experts say could be the next big cyber threat.

"We are working diligently to address this issue and will
release a security update for customers," Microsoft said on

News of Duqu surfaced in October when security software
maker Symantec Corp said that a research lab with
international connections had alerted it to a mysterious
computer virus that "appeared to be very similar to Stuxnet," a
piece of malicious software believed to have wreaked havoc on
Iran's nuclear program.

Government and private investigators around the world are
racing to unlock the secret of Duqu, with early analysis
suggesting that it was developed by sophisticated hackers to
help lay the groundwork for attacks on critical infrastructure
such as power plants, oil refineries and pipelines.

Details on how Duqu got onto infected machines emerged for
the first time on Tuesday as Microsoft disclosed its link to
the infection.

Separately, Symantec researchers said they believe hackers
sent the virus to targeted victims via emails with tainted
Microsoft Word documents attached.

If a recipient opened the Word document and infected the PC,
the attacker could take control of the machine and reach into
an organization's network to propagate itself and hunt for
data, Symantec researcher Kevin Haley told Reuters.

He said some of the source code used in Duqu was also used
in Stuxnet, a cyber weapon believed to have crippled
centrifuges that Iran uses to enrich uranium.

That suggests that the attackers behind Stuxnet either gave
that code to the developers of Duqu, allowed it to be stolen,
or are the same people who built Duqu, Haley said.

"We believe it is the latter," he said.