We interview Ronnie Ng, Senior Manager at Symantec, who works in Pre-Sales for Systems Engineering.
He tells us more about Symantec's Duqu discovery and the best practices that should be followed.
After the interview with Ronnie, Symantec released a further update, which we reproduce below.
As a result of its continued investigation into the Duqu targeted attacks, Symantec has confirmed that a previously unknown Microsoft zero-day vulnerability was used to infect targeted computers. This update is among several other new key findings by Symantec and CrySyS detailed in the latest Symantec blog post.
The Windows vulnerability was exploited via a maliciously crafted Word document and enabled the attackers to install the main Duqu binaries. This is therefore the missing installer component discussed previously. It should be noted that this is just one of potentially multiple installer methods that may have been used by the attackers to infect computers in different organisations.
Additional new key findings include evidence of commands sent to Duqu to spread within infected networks; the attackers’ ability to communicate with non-Internet connected, Duqu-infected computers via a peer-to-peer communication method; and that an additional Duqu sample has been recovered that is designed to communicate with a second command and control server.