Microsoft Corp. said hackers exploited a previously unknown bug in its Windows operating system to infect computers with the Duqu virus, which some security experts say could be the next big cyber threat.
“We are working diligently to address this issue and will release a security update for customers,” Microsoft said Tuesday in a short statement.
News of Duqu surfaced in October when security software maker Symantec Corp. said it had found a mysterious computer virus that contained code similar to Stuxnet, a piece of malicious software believed to have wreaked havoc on Iran’s nuclear program.
Government and private investigators around the world are racing to unlock the secret of Duqu, with early analysis suggesting that it was developed by sophisticated hackers to help lay the groundwork for attacks on critical infrastructure such as power plants, oil refineries and pipelines.
Details on how Duqu got onto infected machines emerged for the first time Tuesday as Microsoft disclosed its link to the infection.
Separately, Symantec researchers said they believe hackers sent the virus to targeted victims via e-mails with tainted Microsoft Word documents attached.
If a recipient opened the Word document and infected the PC, the attacker could take control of the machine and reach into an organization’s network to propagate itself and hunt for data, Symantec researcher Kevin Haley told Reuters.
He said some of the source code used in Duqu was also used in Stuxnet, a cyber weapon believed to have crippled centrifuges that Iran uses to enrich uranium.
That suggests that the attackers behind Stuxnet either gave that code to the developers of Duqu, allowed it to be stolen, or are the same people who built Duqu, Haley said.
“We believe it is the latter,” he said.