Anyone else worried about the Duqu worm?

rcook12

I’ve seen tons of articles pop up in my news feeds today about the Duqu worm, and the latest news tells me that there is still no patch to close the vulnerability in Window.  My level of concern is growing. How much risk is there that this worm will cause widespread harm? Are businesses here in the U.S. of A. at risk?

Topic: Security
Answer this Question

Answers

2 total
jdixon
Vote Up (23)

 

From what I have read from Forbes, it seems that the Duqu worm is possibly the result of some government's intelligence agency at work, and seems to be used in targeted attacks.  Now that it is out there, who knows how far it will spread.    It seems that it uses a .doc file to install itself on your hard drive, so I certainly won't be opening any Word files that appear unexpectedly in my inbox.  Hopefully the patch that Microsoft is working on will be released shortly.  

 

Symantec published a white paper on Duqu that you might find interesting:  http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf 

 

jimlynch
Vote Up (22)

No, not at all for my personal computing. I run Linux and Mac OS X. As far as I know neither of them is vulnerable to the Duqu worm at this point. It seems to be a Windows only virus.

That said, it certainly has the potential to cause significant problems so I hope the authorities can get a handle on it fast.

For those who aren't familiar with it, here's some background information:

http://www.dailytech.com/Nasty+Duqu+Worm+Exploits+Same+Microsoft+Office+...

"The "Duqu" worm is currently sweeping corporate networks worldwide, seeking to infect as many machines as possible in what appears to be an effort to target power plants, oil refineries and pipelines.

Microsoft Corp. (MSFT) revealed this week that Duqu uses similar code to the Stuxnet worm, which crippled Iranian nuclear power computer systems in 2010. Many have voiced suspicions that U.S. defense or intelligence agencies were behind Stuxnet, but it appears extreme unlikely that the U.S. government had anything to do with Duqu. In fact, Duqu appears to be targeting U.S. allies."

Ask a question

Join Now or Sign In to ask a question.
Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers.
Vulnerabilities in the Tails operating system could reveal your IP address, but you can avoid trouble by taking a couple of precautions.
Financial institutions use many technologies to fight crime, but much of the work comes too late, focusing on suspicious activity, like uncharacteristic charges or money transfers, after it happens.
Dennis Technology Labs says it tested it because of marketing claims for it; Malwarebytes says free version of product is just a clean-up tool.
A new survey of IT security professionals shows that many businesses are barely starting to exploit mobile technology, and some of them may be a mobile security nightmare waiting to happen.
The Russian Ministry of Interior is willing to pay 3.9 million roubles, or around US$111,000, for a method to identify users on the Tor network.
Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks.
European data protection authorities still have questions after meeting with Google, Microsoft and Yahoo about the implementation of a recent ruling that gave European citizens the right to be forgotten by search engines.
An iPhone user has filed a lawsuit for invasion of privacy against Apple, about a week after a Chinese state broadcaster raised security concerns about the device's location-tracking functions.
Handling a software flaw can be messy, both for a security researcher who found it and for the company it affects. But a new set of guidelines aims to make that interaction less mysterious and confrontational.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+