Joined: 05-14-2005 08:18 PM
Location: The VDCQ Dungeon
The Duqu computer infection was spread with the help of an infected Microsoft Word document, according to a report.CLICK HERE TO READ MORE OF THIS STORY
The research says the Trojan exploited a previously unknown vulnerability embedded in Word files, allowing Duqu to modify computers' security protection.
The code is believed to have been designed to gather intelligence from industrial control-systems.
Microsoft says it is preparing a software patch to address the issue.
The Laboratory of Cryptography and Systems Security (Crysys) at Budapest University made the discovery.
"We carefully analysed the available forensics data from the original incident where Duqu was uncovered," Dr Boldizsar Bencsath, who led the investigation, told the BBC.
"We found suspicious files that we further analysed, and in one case, we were able to prove that the file contains the installer of Duqu and it uses a zero-day exploit."
A zero-day exploit is a computer threat that make use of a previously unknown software error to allow the attacker to gain permissions they should not have.
Dr Bencsath added that it is possible that Duqu may also be installed by other means, but he had not found any evidence to suggest it.