[ bigvlada @ 11.11.2011. 09:21 ] @
What is Duqu Virus and how to fix Duqu Virus in Windows using Microsoft Patch?


Methods for fixing the Duqu virus in Windows 7, Windows Vista and Windows XP are given here: what the Duqu virus is, how to prevent the Duqu virus from affecting your Windows PC, how the Duqu virus spreads and what it can do in Windows, and the Microsoft patch to fix the Duqu virus.

What is Duqu Virus?


Duqu Virus is a new virus which is spreading through Microsoft Word. The Duqu virus was so named because it creates files with "DQ" in the prefix. The virus infects by exploiting a hidden loophole in Microsoft Word. Microsoft has already confirmed the spread of the virus. Microsoft has named the loophole in Microsoft Word a "Zero Day Exploit". The virus has code similar to that of the Stuxnet virus, which was created to destroy Iran's nuclear experiments. The Duqu virus can leak data from any of the computers it affects. The virus is mainly made for leaking data from power plants, oil refineries, and pipelines. The hackers first used a server in India to steal data. When these servers were blocked, the hackers changed their server from India to Belgium.

It is expected that data acquired by the virus will be used for creating new computer weapons. The hackers remain unknown, but researchers think that they are backed by a government. All public and private companies are trying hard to find patches for the Duqu virus. But the patch for the Duqu virus is difficult to find because it is one of the complex pieces of software in virus history. Now Microsoft has come forward with a Duqu virus patch for Windows.

How Duqu Virus spreads and What Duqu Virus can do in Windows?

The Duqu virus mainly spreads through e-mails. The virus is attached in Word files, and the user gets these Word files as an attachment in an email. When the user opens the attachment, the virus infects the user's PC. The main reason for the widespread infection of the Duqu virus is that Duqu uses a digital certificate for its operation. The certificate is from a Taiwanese company whose private keys, which create certificates, were stolen this year.

When the Duqu virus affects a computer, that computer can be controlled by a remote server. This means that any data can be taken from the computer by the remote server. The attacker can also create new data, delete data, install programs and even create a new Windows account with full permissions. The Duqu virus mainly consists of a driver file, a dynamic link library (DLL) and a configuration file. When the virus enters the system, these files are automatically installed by using special code.

Microsoft Patch to fix Duqu Virus

The best way to control the Duqu virus is to prevent its spreading. Don't open Word files attached to an email if you are not sure about the sender. Now Microsoft provides a temporary fix for the Duqu virus. To use this fix, visit http://support.microsoft.com/kb/2639658

Stuxnet was designed for Siemens SCADA systems; much nastier things can be made from this one.
[ Dashkes @ 11.11.2011. 10:17 ] @
To make things even funnier, some antivirus products still don't detect it. :)
[ bigvlada @ 14.11.2011. 07:06 ] @
This is from the AVG blog:

Microsoft release four security updates on Patch Tuesday
Posted 3 days ago by AVG Blogs


What is Patch Tuesday?

Microsoft provides core platform patches and updates monthly, usually on the second Tuesday of each month. This has become known as Patch Tuesday.

What has been fixed this time round?

The patch includes a fix for a critical hole allowing remote code execution in Windows. Importantly, this patch is only available for newer versions of Windows such as Vista and Windows 7, meaning that the vulnerability is found in the newer Windows code.

While this fix is regarded as critical by Microsoft, two of the other fixes were rated as important and one only as moderate.

Full details of the patches can be found on Microsoft’s official blogs

What hasn’t been included?

Interestingly, this Patch Tuesday did not include a permanent fix to the Duqu worm. Duqu was discovered on 1 September 2011, thought to be related to the Stuxnet worm. Microsoft did quickly release a workaround to protect users from Duqu but has yet to provide a permanent solution.

How do I make sure I’m protected?

Nearly all PC users will automatically download and update their operating system, so in most cases all the user needs to do is reboot their machine when prompted. Elsewhere, network administrators in business and industry will manage the updating of the system; after all, Patch Tuesdays are common practice.

Not that we should be concerned. Microsoft announced in a blog post that although it was theoretically possible for attackers to use the remote code execution (RCE, fixed in this patch), they “believe it is difficult to achieve RCE using this vulnerability considering that the type of network packets required and the small timing window between the release and next access of the structure, and a large number of packets are required to pull off the attack,” Microsoft said.

As far as I understood, it was detected by a Hungarian university laboratory.
[ Aleksandar Maletic @ 16.11.2011. 10:30 ] @
I think this menace passes average users by without any trouble; I had guessed what the actual goal of building such complex malware was.

http://www.informacija.rs/Vest...-da-je-Duqu-pod-kontrolom.html
[ bigvlada @ 17.11.2011. 07:55 ] @
The problem isn't this specific menace, but the ones that could arise from it.