New zero-day Windows kernel vulnerability associated with Duqu Trojan!!!

Discussion in 'Security and Viruses' started by INDRANIL, Nov 2, 2011.

  1. INDRANIL
    INDRANIL Distinguished Member

    In the continuing saga of the malware known as Duqu, CrySyS Lab at the Budapest University of Technology and Economics has announced it was able to acquire a copy of the "dropper" from one of the victims. Droppers are typically very small, are designed to evade detection by anti-virus and can sometimes contain exploit code used to inject themselves onto the target computer.

    That is why this finding is important. Many analysts still have some doubts as to the relationship between Duqu and Stuxnet, but this piece of the chain of infection was missing. Now with a sample of the missing piece, we can put together a more coherent picture.

    Open your eyes and always be careful :p. Umm probably you should wait for the Microsoft fix :p. Have a nice day ;).

    Source :p.
  3. Bearcat
    Bearcat Prominent Member

    Thanks for the news Indra! :) How are things going with you my friend?
  4. INDRANIL
    INDRANIL Distinguished Member

    Welcome Bear :). Very much busy with the daily schedule :(. Trying to fix that schedule as a flexible one :rolleyes:.
  5. safeguy
    safeguy Distinguished Member

    I'd appreciate it if someone could provide me with more information on the dropper and its delivery mechanisms, because if I were to assume it's the same common delivery mechanism, I believe you can still defeat this through denying the initial execution of the dropper. Otherwise, you may block its outbound connections in the hope of stopping it from downloading further malicious components.
  6. Krumpelt
    Krumpelt Experienced Member

    Removal tool from Bitdefender

    http://www.duquremoval.com/en.html

    Microsoft Fix It

    http://support.microsoft.com/kb/2639658

    Good luck guys! :D