No quick patch to kill Duqu, turn back clock to when viruses weren't smarter than your apps

Most blame governments for Stuxnet; is Duqu the same or a huge step forward for digital crooks?


A story saying Microsoft isn't going to be able to patch the newly discovered hole exploited by the advanced and scary Duqu trojan runs under a headline that shows how freaked out people are by computer viruses (and that the people who write headlines on IT security stories sometimes don't read the stories themselves): ‘Next big cyber threat’ Duqu virus originated from OS bug: Microsoft.

First: No it didn't.

Duqu appears to have originated in the same super-secret lab hidden under the lake in a crater of an extinct volcano that also spewed out Stuxnet on its mission to infect the computers running equipment for Iran's nuclear fuel-development project and keep that from happening.

It didn't come from Windows (or Microsoft). Duqu probably came from the same people who wrote Stuxnet, or at least people with access to the Stuxnet source code, according to analyses by Symantec and the CrySyS Lab in Budapest, which discovered Duqu.

Duqu shares a lot of code with Stuxnet and shares Stuxnet's flair for elegant, creative ways to exploit a weakness or find a way around it. It also shows the same effort to keep the virus covert for as long as possible while it does its work, often in very subtle ways, the reports said.

Second: Duqu didn't become Duqu because of a Windows bug any more than Stuxnet became a threat to regional peace and security because someone forgot to apply the right patches to the Windows boxes Iran used to run its nuclear-fuel centrifuges.

Duqu is unusual among viruses because its installer exploits a previously unknown (zero-day) flaw in Windows to execute code that decrypts and unpacks its various components; those components then sniff around their environment to see where they can best install the malicious core of the app, and erase themselves when they're done so they're harder to find, according to Symantec's white paper, which lays out most of Duqu's details.
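To make the staged-installer pattern described above concrete, here is an added illustration (constructed teaching code, not Duqu's code and not from Symantec's paper). It shows why that design is hard to catch with a quick signature: the dropper carries its real component only as a compressed, encrypted blob, probes a toy filesystem for a writable install location, writes the component there, and then deletes itself. The component bytes, the XOR "cipher", the key, the signature list and the directory preference order are all assumptions made for the example.

```python
# Added illustration of a staged dropper: the component it installs is
# compressed and encrypted until run time, the dropper probes its
# environment for an install location, installs, then erases itself.
# Constructed teaching code, not Duqu's code; names, the toy XOR cipher,
# the key and the directory order are assumptions for the example.
import zlib

# Constructed sample "component"; in real malware this would be a DLL/driver.
COMPONENT = (b"MZ" + b"\x00" * 14 +
             b"constructed-malicious-core: persist, hide, beacon" + b"\x00" * 8)
KEY = b"\x5a\xa5\x3c\xc3"  # assumed per-sample key (no zero bytes)

# Signatures an AV engine might hold for the *component* (constructed).
SIGNATURES = [b"malicious-core", b"beacon"]


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; symmetric, so it both 'encrypts' and 'decrypts'."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_dropper(component: bytes, key: bytes) -> bytes:
    """Compress, then encrypt: the dropper on disk carries only this opaque blob."""
    return xor_bytes(zlib.compress(component), key)


def recover_component(blob: bytes, key: bytes) -> bytes:
    """Reverse order at run time: decrypt, then decompress."""
    return zlib.decompress(xor_bytes(blob, key))


def static_scan(data: bytes, signatures=SIGNATURES):
    """Plain substring scan, the cheapest kind of signature match."""
    return [sig for sig in signatures if sig in data]


def choose_install_dir(fs: dict) -> str:
    """Environment probe: take the first candidate directory that exists and
    is writable. The preference order is an assumption for the example."""
    for candidate in ("C:/Windows/System32/drivers", "C:/ProgramData",
                      "C:/Users/Public"):
        if candidate in fs["dirs"] and fs["writable"].get(candidate):
            return candidate
    raise RuntimeError("no usable install location")


def run_dropper(fs: dict, dropper_path: str, key: bytes) -> str:
    """Simulate execution: unpack the component, install it, erase the dropper.
    `fs` is a toy filesystem: {'dirs': set, 'writable': dict, 'files': dict}."""
    blob = fs["files"][dropper_path]
    component = recover_component(blob, key)
    target = choose_install_dir(fs) + "/constructed_svc.sys"
    fs["files"][target] = component
    del fs["files"][dropper_path]  # self-erase so forensics finds no dropper
    return target


def demo():
    """Returns (signatures seen in the dropper, install path,
    signatures seen in the installed component, dropper still on disk?)."""
    dropper_path = "C:/Users/Public/dropper.bin"
    fs = {
        "dirs": {"C:/Windows/System32/drivers", "C:/ProgramData",
                 "C:/Users/Public"},
        "writable": {"C:/Windows/System32/drivers": False,
                     "C:/ProgramData": True, "C:/Users/Public": True},
        "files": {dropper_path: build_dropper(COMPONENT, KEY)},
    }
    before = static_scan(fs["files"][dropper_path])  # scan of the dropper
    installed = run_dropper(fs, dropper_path, KEY)
    after = static_scan(fs["files"][installed])      # scan of the component
    return before, installed, after, dropper_path in fs["files"]


if __name__ == "__main__":
    print(demo())
```

The scan of the dropper finds none of the component's signatures, because compression re-encodes every literal and the XOR key changes every byte; the same signatures match the component only once it has been written out, and by then the file that carried it is gone. That is the gap a Windows patch for the entry-point flaw does not close.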

Duqu is not able to penetrate Windows machines simply because of a flaw in Windows.

Duqu is designed like a weapon; it takes advantage of flaws or gaps where it finds them, but is not limited to following the path of least resistance.

[Figure: Symantec, "Duqu: the precursor to the next Stuxnet", flowchart of the Duqu installation procedure.]

