Duqu, a trojan that steals organizational data from the computers it infects, has been making the rounds worldwide. Experts say systems in at least eight countries have been hit. Kaspersky Lab researchers, however, have now traced how it gets in, which may point the way to countering it.
Duqu is seen as the latest in a series of attacks aimed at stealing sensitive data from private companies and government bodies alike. The malware was first identified in September 2011.
Attacking the target computer:
One reason Duqu has spread so effectively is that the emails it arrives in look genuine. The victim receives a message from someone calling himself ‘Mr. B. Jason’, proposing a joint business venture with the target company and carrying a Microsoft Word attachment. The attachment looks authentic too, because its file name includes the real name of the target company. According to the experts, the attackers sent the lure more than once: the first copy landed in the recipient’s junk folder, so they slightly reworded the message to make it look more legitimate and slip past the spam filter, and the second copy reached the target’s inbox.
Once the recipient opens the attachment, the malware loads onto the computer without any further action on the user’s part. What is notable is that it stays dormant as long as someone is using the machine: only when it detects no keystroke or mouse movement for ten minutes does it activate. That delay matters for defenders as well, since an automated sandbox that runs a sample for only a few minutes, or that keeps simulating user input, will never see the payload execute.
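The lure traits described above (an external sender pitching a business deal, a Word attachment named after the target organization, and a reworded resend of the same message after the first copy was junked) can be scored at the mail gateway. The following is an added illustration written for this article, not Kaspersky Lab’s detection logic or any product’s rule set; the organization name, domain, phrase list and sample messages are all constructed for the example.

```python
"""Score inbound mail for the Duqu-style lure traits the article describes.

Added example: a toy mail-gateway rule, not a real product's logic.
ORG_NAME, ORG_DOMAIN and every message below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

ORG_NAME = "examplecorp"        # assumed: the defender's own company name
ORG_DOMAIN = "examplecorp.com"  # assumed: the defender's own mail domain
WORD_EXTENSIONS = (".doc", ".docx", ".dot", ".rtf")
LURE_PHRASES = ("joint venture", "business proposal", "partnership")


@dataclass
class Mail:
    sender: str
    subject: str
    body: str
    attachments: List[str] = field(default_factory=list)


class LureFilter:
    """Stateful filter: remembers (sender, attachment set) pairs so a
    reworded resend of an earlier lure is recognised as such."""

    def __init__(self) -> None:
        self.seen: Dict[Tuple[str, Tuple[str, ...]], int] = {}

    def evaluate(self, mail: Mail) -> Tuple[str, List[str]]:
        reasons: List[str] = []

        # Trait 1: the pitch comes from outside the organisation.
        domain = mail.sender.rsplit("@", 1)[-1].lower()
        if domain != ORG_DOMAIN:
            reasons.append("external sender")

        # Trait 2: business-deal wording in subject or body.
        text = f"{mail.subject} {mail.body}".lower()
        if any(p in text for p in LURE_PHRASES):
            reasons.append("business-pitch wording")

        # Trait 3: a Word document, possibly named after the target.
        for name in mail.attachments:
            lower = name.lower()
            if lower.endswith(WORD_EXTENSIONS):
                reasons.append(f"Word attachment: {name}")
                if ORG_NAME in lower:
                    reasons.append("attachment named after our organisation")

        # Trait 4: same sender, same attachment(s), sent again (the
        # article's "slightly amended" second attempt).
        key = (mail.sender.lower(), tuple(sorted(a.lower() for a in mail.attachments)))
        if mail.attachments and self.seen.get(key, 0) > 0:
            reasons.append("repeat of earlier mail with identical attachment(s)")
        self.seen[key] = self.seen.get(key, 0) + 1

        external = "external sender" in reasons
        has_word = any(r.startswith("Word attachment") for r in reasons)
        if external and has_word and len(reasons) >= 3:
            verdict = "quarantine"
        elif external and has_word:
            verdict = "review"
        else:
            verdict = "deliver"
        return verdict, reasons


if __name__ == "__main__":
    f = LureFilter()
    lure = Mail("b.jason@example.net", "Joint venture proposal",
                "Dear Sir, please find our joint venture proposal attached.",
                ["ExampleCorp proposal.doc"])
    print(f.evaluate(lure))
```

The stateful resend check is the part worth keeping: a spam filter that judged the first copy by content alone is exactly what the attackers defeated by rewording, whereas the attachment they could not change without rebuilding the exploit document.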
The intent of the attack:
Experts at Kaspersky Lab explain that the code delivered by the attachment is a dropper: its only job is to install the Duqu module proper, which then siphons off sensitive data stored on the computer.
Iran was hit hard by Duqu this year but says it has developed countermeasures. According to Iranian officials, anti-Duqu software has been distributed to organizations to protect their computers. The identity of the attackers, however, remains unknown.
Image courtesy sk8geek and Robbert van der Steeg.