Inside the Duqu Worm's Source Code

angry tapir writes "Wrapped in the code the Duqu worm uses to infect computers is the message: 'Copyright (c) 2003 Showtime Inc. All rights reserved. DexterRegularDexter.' An analysis of the worm has also revealed that Duqu, which is similar to Stuxnet and may even have been written by the same developers, may be four years old and that it generally tries to steal information on Wednesdays."
  • by Fluffeh ( 1273756 ) on Monday November 14, 2011 @12:30AM (#38045288)

    Via email attachments?? Please - Nowadays, you'd have to be an UTTER CHUMP to fall for that "old trick"..........

    Are you kidding me? While I agree that most people reading /. wouldn't fall for that trick, I can assure you that at the company I work in (multinational retailer, I work in their head office) nine out of ten people wouldn't hesitate to open a Word attachment from someone they didn't know. Actually, I think the ratio may well be higher.

    Now, it's being called "beautiful" in its interior code work, & it very well MAY BE quite elegant but... its delivery mechanism is "2nd rate", imo @ least.

    Actually, I would disagree with that. Just because there are nicer ways to do it doesn't mean that you need to use them. If you can send a single .doc attachment to a user within an organisation to get into it, why isn't that a perfect way to do it? There isn't anything wrong with spearphishing. To use the car analogy, if you want to get to your letterbox, there isn't any point in driving a supercar to get to it - just walk from the front door.

  • by Anonymous Coward on Monday November 14, 2011 @05:37AM (#38046450)
    "not it has not, do your homework" meant:

    No, it has not been patched in last Tuesday's "MS Patch Tuesday" (although a temporary fix indeed exists, which I didn't deny in any way, on the contrary), you might want to check that before SCREAMING it to the world. As for the macro thing, I've read (and apparently many others that answered you) that it's a problem with the TrueType font parsing engine (which you would have read too if you had done your homework ages ago, that is some googling on Microsoft's website (and others')).

    I don't know where you started to understand that I was implying in any way that duqu could not be fixed or removed by you and others or that you were vulnerable to it ...

