London - Arabstoday
Duqu was first detected last month and, according to security analysts, is designed to steal sensitive information from industry. Microsoft said Duqu exploited a vulnerability in the Windows TrueType font parsing engine to gain control of infected computers. The temporary patch will be replaced by a permanent update at an undisclosed later date.

Whoever was behind Duqu was able to “install programs; view, change or delete data; or create new accounts with full user rights”, Microsoft said. It has also shared technical details with anti-virus firms. “This means that within hours, anti-malware firms will roll out new signatures that detect and block attempts to exploit this vulnerability,” Microsoft said. “Therefore, we encourage customers to ensure their antivirus software is up-to-date.”

The Laboratory of Cryptography and Systems Security at Budapest University, which first detected Duqu, has said it is spread by a bogus Word document. Only a handful of targets have been identified, according to anti-virus firms, leading them to suspect the virus is being used as part of a highly targeted espionage operation, potentially as a prelude to further Stuxnet-style attacks.

“Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party,” Symantec said.

Similarities between Duqu and Stuxnet have led to claims they must have been created by the same state-sponsored entity. Israeli and American intelligence agencies are widely believed to be behind the attack on the Iranian nuclear programme.