Stuxnet, detected by VirusBlokAda in June 2010, is considered one of the most dreadful pieces of malware in history. It is said that this malware had a specific country and industry as its target and caused a great deal of damage in a short span of time using the hacking world's most powerful weapon, the "zero-day" exploit. A detailed report on this threat was published in WIRED in July this year: a killer article by Kim Zetter titled "How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History", which brought to light the damage it caused to one specific country.
Similar to Stuxnet, a new piece of Trojan malware has appeared, dubbed Duqu. That means it is also designed to steal data from industrial organizations, but it is unclear whether it targets any specific country or industry. Duqu, or "Son of Stuxnet", discovered in October by CrySyS, a Hungarian security firm, may already have infiltrated PCs around the world. But no detailed information is available so far in this regard.
What makes it alarming is, as already stated above, Duqu's similarity to Stuxnet, the infamous malware discovered last year. If the authors of these two malwares are the same, then there should definitely be a target, be it a particular industry or a country.
To protect your PC from the Duqu threat, follow the tips below.
Prevention
Duqu is hidden in a Microsoft Word document. So deal carefully with Word files received via e-mail, even if they come from a friend or colleague.
Follow Microsoft's workaround as given in Microsoft Security Advisory 2639658 as a temporary fix.
On Windows XP and Windows Server 2003:
For 32-bit systems, enter the following command at an administrative command prompt:
Echo y| cacls "%windir%\system32\t2embed.dll" /E /P everyone:N
For 64-bit systems, enter the following commands at an administrative command prompt:
Echo y| cacls "%windir%\system32\t2embed.dll" /E /P everyone:N
Echo y| cacls "%windir%\syswow64\t2embed.dll" /E /P everyone:N
On Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2:
For 32-bit systems, enter the following commands at an administrative command prompt:
Takeown.exe /f "%windir%\system32\t2embed.dll"
Icacls.exe "%windir%\system32\t2embed.dll" /deny *S-1-1-0:(F)
For 64-bit systems, enter the following commands at an administrative command prompt:
Takeown.exe /f "%windir%\system32\t2embed.dll"
Icacls.exe "%windir%\system32\t2embed.dll" /deny *S-1-1-0:(F)
Takeown.exe /f "%windir%\syswow64\t2embed.dll"
Icacls.exe "%windir%\syswow64\t2embed.dll" /deny *S-1-1-0:(F)
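After running the commands above, it is worth confirming that the deny entry really landed on every copy of t2embed.dll (on 64-bit Windows there are two). The following PowerShell check is an added example, not part of the original post or of Microsoft's advisory; it assumes the workaround was applied with the commands above and that it is run from the same administrative account that ran Takeown, since a file's owner can always read its ACL even when Everyone is denied access.

```powershell
# Added example (not from the original post or Microsoft's advisory): report whether the
# advisory 2639658 workaround, an explicit Deny ACE for Everyone (SID S-1-1-0), is present
# on each t2embed.dll. Run from the administrative account that ran Takeown.
function Test-T2EmbedWorkaround {
    $paths = @("$env:windir\system32\t2embed.dll")
    if (Test-Path "$env:windir\syswow64\t2embed.dll") {
        # The syswow64 copy exists only on 64-bit Windows and must be locked down as well.
        $paths += "$env:windir\syswow64\t2embed.dll"
    }

    foreach ($path in $paths) {
        $status = 'Not applied'
        $owner  = ''
        $rights = ''
        try {
            # -ErrorAction Stop turns an access-denied error into something the catch block sees.
            $acl   = Get-Acl -Path $path -ErrorAction Stop
            $owner = $acl.Owner
            # Compare SIDs rather than names so the check does not depend on the OS language.
            $deny = $acl.Access | Where-Object {
                $_.AccessControlType -eq 'Deny' -and
                $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq 'S-1-1-0'
            }
            if ($deny) {
                $status = 'Applied'
                $rights = ($deny | ForEach-Object { $_.FileSystemRights }) -join ', '
            }
        } catch {
            # Cannot even read the DACL: the deny entry is probably there, but this account
            # is not the file's owner, so the result cannot be confirmed from here.
            $status = "Unknown ($($_.Exception.Message))"
        }
        New-Object PSObject -Property @{
            Path         = $path
            Owner        = $owner
            Workaround   = $status
            DeniedRights = $rights
        }
    }
}

Test-T2EmbedWorkaround | Format-Table Path, Owner, Workaround, DeniedRights -AutoSize
```

A row showing "Applied" with FullControl in DeniedRights matches what the Icacls command above sets; on XP the cacls command produces the equivalent deny entry.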
If Already Infected
A free removal tool is available from BitDefender. Try it.
Rootkit.Duqu.A Removal Tool (64-bit)
Rootkit.Duqu.A Removal Tool (32-bit)
We can expect signature updates from leading security software vendors at any time, so keep your security program up to date.
Image Credit : Mr. Cacahuate (Flickr)