Microsoft has issued a temporary fix to the destructive Duqu virus — also known as "Son of Stuxnet” — which could affect users of Windows XP, Vista, Windows 7 and Windows Server 2008.
The company promised the security update in early November as it took paces towards abolishing the virus, which targets victims via email including a Microsoft Word attachment. By opening the Word document, you give the attacker access to and total control of your PC.
On the company’s blog, Jerry Bryant of Microsoft’s Trustworthy Computing Group announced that the company has issued a workaround that can be applied to any Windows system. "To make it easy for customers to install, we have released a Fix it that will allow one-click installation of the workaround and an easy way for enterprises to deploy,” he said.
Duqu first hit the scene in October when Symantec said it had found a virus that contained code similar to Stuxnet, a piece of malicious software responsible for wreaking havoc on Iran’s nuclear program.
Symantec’s Vikrum Thakur was quoted saying that the authors of the virus are extremely bright and tech savvy and that they mean business. He believes that Duqu may be looking to gather intelligence as a precursor to a future industrial-strength attack on infrastructure computers. "There is a common trait among the computers being attacked,” Thakur said. "They involve industrial command and control systems.”
When it comes to the everyday user, Microsoft believes "the risk for customers remains low.” For now. "That is always subject to change, so we encourage customers to either apply the workaround or ensure their anti-malware vendor has added new signatures based on the information we’ve provided them to ensure protections are in place for this issue,” adds Bryant.