The Duqu espionage virus has prompted Microsoft to release a temporary patch to protect against the malware capable of stealing sensitive information.
Microsoft said the creator of the Duqu virus was able to "install programs; view, change or delete data; or create new accounts with full user rights." It exploited a hole in the Windows TrueType font parsing engine to gain this control.
Microsoft's temporary patch will be replaced by a permanent update later, according to The Daily Telegraph. The Laboratory of Cryptography and Systems Security at Budapest University first detected Duqu last month, and believes it to be related to Stuxnet, the virus that disrupted the Iranian nuclear program. Israeli and American intelligence agencies are believed to have orchestrated that attack, the newspaper reported.
“Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party,” antivirus firm Symantec told the Telegraph. Microsoft shared details of the attacks with antivirus firms, allowing them to "roll out new signatures" to block the virus.
Symantec said Stuxnet and Duqu are likely just part of a large, state-sponsored espionage campaign, and have identified a handful of future targets for the viruses, which are delivered through a bogus Microsoft Word document.
