1. Symantec/
  2. Security Response/
  3. W32.Duqu

W32.Duqu

Risk Level 1: Very Low

Discovered:
October 18, 2011
Updated:
October 19, 2011 10:25:53 AM
Also Known As:
TROJ_SHADOW.AF [Trend], TROJ_DUQU.ENC [Trend], TROJ_DUQU.DEC [Trend], Mal/Duqu-A [Sophos], RTKT_DUQU.A [Trend]
Type:
Trojan
Systems Affected:
Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
CVE References:
CVE-2011-3402, 2639417, MS11-087
W32.Duqu is a Trojan that opens a back door and downloads more files on to the compromised computer. It also has rootkit functionality and may steal information from the compromised computer.

The Trojan may arrive as a Microsoft Word document containing an exploit for the Microsoft Windows 'Win32k.sys' TrueType Font Handling Remote Code Execution Vulnerability (BID 50462). Successful exploitation of the vulnerability will enable the Trojan to be dropped and executed on the targeted computer.

Initial analysis of this threat has shown that it is closely related to the W32.Stuxnet worm from 2010. More information about W32.Duqu and W32.Stuxnet can be found in the following resources:

Note: Virus definitions dated October 18, 2011 or earlier detect this threat as Trojan Horse.

Antivirus Protection Dates

  • Initial Rapid Release version October 27, 2011 revision 051
  • Latest Rapid Release version September 14, 2016 revision 021
  • Initial Daily Certified version October 28, 2011 revision 002
  • Latest Daily Certified version September 15, 2016 revision 001
  • Initial Weekly Certified release date October 19, 2011
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Poul Jensen

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube