Duqu: Steal Everything


Are You Safe?

Kaspersky Lab Protects Against Duqu-originated Zero-day Vulnerability in Windows

Our security solutions are detecting the vulnerability that was used for distributing all known versions of the Duqu Trojan. Kaspersky Lab’s experts have successfully implemented protection against Trojan.Win32.Duqu.a as well as other malicious programs exploiting the CVE-2011-3402 vulnerability.

The “zero-day” type of vulnerability in question was found in the Win32k TrueType font-parsing engine; as such, the vulnerability affects various office programs. For example, a specially crafted Microsoft Word document opened on a victim’s machine can be used to elevate privileges and then run arbitrary code.

More information about the vulnerability can be found on Microsoft’s website.

What is Duqu?

Duqu FAQ. Latest update – March 27th, 2012

Kaspersky Lab’s investigation

“The Mystery of Duqu” in blogs:

  • Part One. Connections between Duqu and Stuxnet. October 20th, 2011
  • Part Two. One of the first real infection cases took place in Sudan. October 25th, 2011
  • Part Three. Detection of the main missing link – a dropper that performed the initial system infection. November 02, 2011
  • Part Four: Enter Mr. B. Jason and TV’s Dexter. Puzzles with a photo of the NGC 6745 galaxy and the TV series Dexter. November 11, 2011
  • Part Five. Review of Duqu’s components. November 15, 2011
  • Part Six. Researching the Command and Control infrastructure used by Duqu. November 30, 2011
  • Part Seven. Stuxnet/Duqu: The Evolution of Drivers. December 28, 2011
  • Part Eight. The mystery of the Duqu Framework. March 7, 2012
  • Part Nine. The mystery of Duqu Framework solved. March 19, 2012
  • Part Ten. The mystery of Duqu: Part Ten. March 27, 2012

Be the first to know our news, follow Kaspersky Lab on Facebook Facebook and Twitter Twitter


Costin Raiu of Kaspersky Lab's Global Research and Analysis Team talks about the investigation into Duqu, the likelihood that it was written by the same team as Stuxnet, whether a government is behind its development and what mistakes the authors made.

Download the podcast from the Threatpost site.

Duqu in the Media

Stop Duqu!

The stopduqu@kaspersky.com e-mail is a digital hotline for those who may discover a Duqu infection on their PC. Сompanies and individuals can use it to contact Kaspersky Lab’s experts and request help in investigating an infection with Duqu.

The analysis carried out by Kaspersky Lab’s experts has proven that Duqu was used as a weapon for targeted attacks on certain businesses; as such, every single Duqu infection is no mere accident. Any infection attempt signals that it was important for cybercriminals to gain control over a certain system, so there’d be a high chance of repeated attacks using various other methods. By contacting Kaspersky Lab businesses and individuals can ensure the safety of their sensitive data.

Back to top

© 2016 AO Kaspersky Lab.

All Rights Reserved.