Stuxnet-like virus hides in Microsoft Word files
SAN FRANCISCO — Microsoft said Thursday it is working to fix a Windows software vulnerability that lets a Stuxnet-like Duqu virus sneak into computers by hiding in Word document files.
Duqu infections have been reported in a dozen countries including Iran, France, Britain and India, according to US computer security firm Symantec.
“Microsoft is collaborating with our partners to provide protections for a vulnerability used in targeted attempts to infect computers with the Duqu malware,” said Microsoft trustworthy computer group manager Jerry Bryant.
“We are working diligently to address this issue and will release a security update for customers through our security bulletin process,” he added in an email response to an AFP inquiry.
Symantec said the Duqu threat is growing and that slipping into machines through Word files is “one of many forms of attacks that cyber criminals can use to infect computers.”
Similarities between Duqu and a malicious Stuxnet worm have prompted speculation that the same culprits might be involved, though no links have been proven.
The new virus, dubbed “Duqu” because it creates files with the file name prefix “DQ,” is similar to Stuxnet but is designed to gather intelligence for future attacks on industrial control systems.
“The threat was written by the same authors (or those who have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered,” Symantec said on its website.
“Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party.
“The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.”
Stuxnet was designed to attack computer control systems made by German industrial giant Siemens and commonly used to manage water supplies, oil rigs, power plants and other critical infrastructure.
Most Stuxnet infections have been discovered in Iran, giving rise to speculation it was intended to sabotage nuclear facilities there. The worm was crafted to recognize the system it was designed to attack.
The New York Times reported in January that US and Israeli intelligence services collaborated to develop the computer worm to sabotage Iran’s efforts to make a nuclear bomb.
Tehran denies it is seeking nuclear weapons, insisting its nuclear program has peaceful civilian purposes.