The creators of the Duqu malware that penetrated industrial manufacturers in at least eight countries tailored each attack with exploit files, control servers, and booby-trapped Microsoft Word documents that were different for each victim, according to research published on Friday. What's more, two of the drivers the …
"Like forensics investigators"
"Like forensics investigators combing through a homicide scene for the tiniest scraps of evidence"
You mean, "File > Open..." "File > Get Info".
More like "Dave, my eyes are killing me for peering through this hex editor to find something that makes sense, can you take over so I can get my two hours of sleep this week?"
You just got your machine hijacked, congratulations
Dude, with people like you around security will never be out of work.
Of course not. We, the anti-virus people, are not dumb users. We have special, in-house developed tools for extracting of such information.
The hidden message is an obvious reference to the Dexter television series
Not "Dexter's Lab"?
DADE, or "dead"?
Duqu - saving the business
Not sure how much M$ or the AV companies will take until a 100% cure is developed and released. But for my peers I would recommend the following prevention steps : 1. Use either Open Office or open the document in online word processor such as googledocs. 2. if that is not feasible, use sandboxing technique to run the MS Word to open documents received from internet.
Though I have not tested these but I am sure this will not allow the embedded code to exploit the vulnerability. I have not come across any infected doc but I am desperately waiting for one to test it out :)
Try reading the analysis next time
It's likely neither of your suggestions would help in the slightest. Duqu exploits a vulnerability in TrueType font handling in the Windows kernel. Using a different application (eg OpenOffice) won't help if that application attempts to render the embedded font. Neither will sandboxing, unless the sandbox has its own TrueType renderer.
You could open the malicious Word file in a copy of Word running under Windows in a VM; then only the VM would be infected, and if you shut it down before Duqu got around to probing for SMB connections or other infection vectors, and you reset the VM to a previous image, you'd be OK. That's a little heavy to use as a routine precautionary measure, don't you think?
Of course you could avoid this particular vector by opening the file in an application running under Linux or Mac OS or any other non-Windows OS, since this exploit is Windows-specific. Then you'd just be exposed to that OS's vulnerabilities instead. Maybe it'll be a long time before there's a Duqu-class worm for Linux or Mac. Maybe one's already out there.
The level of discourse of both the talking heads and the press seems to indicate that in the past fifteen years no significant resources have been deployed anywhere on Earth to respond to the threat, to understand or report it. That's appalling. The entire world is asleep at the switch.
This is grade school hacker stuff, not high-end nation-state stuff. You folk have no idea how bad the situation really is. I'll give you a hint though: it's worse. Much worse. So much worse that you wouldn't believe it.
- Geek's Guide to Britain INSIDE GCHQ: Welcome to Cheltenham's cottage industry
- 'Catastrophic failure' of 3D-printed gun in Oz Police test
- Game Theory Is the next-gen console war already One?
- BBC suspends CTO after it wastes £100m on doomed IT system
- Peak Facebook: British users lose their Liking for Zuck's ad empire