Researchers have found one way that Stuxnet-like Trojan infects computers-Duqu through a Word document that exploits the Windows kernel bugs not previously known.
Installer files are Microsoft Word documents that exploit a vulnerabilty kernel, which allows code to run on the infected system , Symantec said in a posting on the site. There may be other infection methods that are used by other variants that have not been revealed Duqu yet, Kevin Haley, Director of the Symantec Security response, told CNET.
Microsoft is working on a fix, according to Jerry Bryant, Manager of group communication in response to Microsoft's trustworthy computing.
"Microsoft is working with partners to provide protection for the vulnerabilities that are used in a targeted effort to infect computers with malware Duqu," he said in a statement. "We are working diligently to resolve this problem and will release a security update to customers through our security bulletin process."
Most of the antivirus vendor to detect and block the main Duqu files, but until Microsoft patches out companies should avoid opening documents from parties unknown, Symantec said.