By Greg Mills

To a hacker, an un-patched zero-day vulnerability is extremely valuable and never frivolously wasted. The Duqu worm seems to have used an unknown Windows vulnerability just to get information for a future attack from “secure” computer networks. No money was stolen. That who ever wrote the worm was more interested in information than money says a lot about who might be behind the project.

Microsoft is working on patching the rare kernel vulnerability as quickly as possible. The recently discovered Duqu worm, which only infects Microsoft Word documents, (.doc) files and then uses a vulnerability in the very kernel of the Windows PC OS to do its dirty work is very well written.

Duqu appears to have been written by the same group that launched Stuxnet last year based upon similarities and the sophistication of the newly discovered malware. No one took credit for Stuxnet but Israel and the US were widely blamed. Stuxnet set Iran back quite a while in it’s sinister nuclear weapons development program.

While Stuxnet appeared to be a very narrowly defined attack actually taking over certain Iranian machines and screwing them up, the Duqu worm seems more of an information gathering bit of malware. For a very informative and educational article on this new worm, see:

The worm seems to have been focused on a number of third world countries, specifically Iran, India, Sudan, Vietnam and France. Infected computers are able to spread the infection using a number of methods to overcome the isolation of secure computer networks which are not connected through the internet. Infected computers reported to a server (, hosted in Belgium, until they pulled the plug. There certainly is a back up plan for Duqu.

Macs are unaffected by the Microsoft OS kernel attack, but might be able to forward infected Microsoft Word documents. Avoiding Windows and Word seem to be the best defense. I always tell my daughter to wash her hands carefully after touching a Windows PC.

That is Greg’s Bite.