The Kaspersky Labs Analysis report on Duqu can be seen at:
http://www.securelist.com/en/blog/208193243/The_Duqu_Saga_Continues_Enter_Mr_B_Jason_and_TVs_Dexter
The file dropper contains the exploit of the vulnerability in win32k.sys (CVE-2011-3402). The attacks were launched as spearphishing mails with .doc attachments.
What is interesting is that the infection persisted for almost 3 months, gathering information on the network.
-Joseph Ponnoly
http://www.securelist.com/en/blog/208193243/The_Duqu_Saga_Continues_Enter_Mr_B_Jason_and_TVs_Dexter
The file dropper contains the exploit of the vulnerability in win32k.sys (CVE-2011-3402). The attacks were launched as spearphishing mails with .doc attachments.
What is interesting is that the infection persisted for almost 3 months, gathering information on the network.
-Joseph Ponnoly
No comments:
Post a Comment