Duqu Virus Detected in Iran
ANALYSIS
Iran announced Sunday that it had detected the Duqu computer virus and suspects it has been aimed at sabotaging the Islamic Republic's nuclear sites.
"We are in the initial phase of fighting the Duqu virus," said Gholamreza Jalali, the head of Iran's civil defense organization. "The final report which says which organizations the virus has spread to and what its impacts are has not been completed yet."
Jalali added that Iran had developed software to combat the virus, and would thoroughly check all computers at main sites to keep the virus at bay.
"All the organizations and centers that could be susceptible to being contaminated are being controlled," Jalali said.
Duqu first surfaced when security researchers at Symantec, based in Mountain View, Calif., learned about the threat from a customer. The bug is called Duqu because the files it creates have the prefix DQ, but Symantec believes the bug is a precursor to a future Stuxnet-like attack.
Stuxnet made headlines in 2010 when the virus infected thousands of computers in 155 countries. Many experts believe the worm was likely designed as an American-Israeli project meant to sabotage computers at Iran's nuclear sites by damaging the motors used to power the centrifuges for uranium enrichment, causing them to spin out of control. The worm targeted Siemens industrial software and equipment running Microsoft Windows, and it was the first malware discovered to spy on and subvert industrial systems.
"The threat was highly targeted towards a limited number of organizations for their specific assets," said Symantec in a company blog.
Since the major Stuxnet attack in June 2010, governments have beefed up their security systems to protect against cyber attacks. While analysis of Duqu revealed parts identical to Stuxnet, suggesting it was written by the same authors or those who had access to Stuxnet's source code, Symantec calls the new worm highly sophisticated and cutting edge.
It is still unknown if Duqu is motivated by politics or state movements, but Symantec believes the virus is designed to gain remote access capabilities and gather data for future cyber attacks.
"If it is the Stuxnet author, it could be that they have the same goal as before," said Symantec CTO Greg Day. "But if code has been given to someone else they may have a different motive."
Iran was reportedly attacked by another computer virus in April, which it identified as Stars. Jalali did not state whether Stars was related to Stuxnet or Duqu, but he described Duqu as the third major virus to hit Iran.
On Nov. 8, the International Atomic Energy Agency released a report that claimed that Iran had been engaging in atomic activities with military dimensions, citing credible evidence. Iran denied the report, calling it full of lousy and dubious intelligence work. Iran's parliament announced Sunday it would review relations with the IAEA.