Pages

Sunday, November 13, 2011

Iran admits it was attacked by Duqu virus

From Reuters:
Iran said on Sunday it had detected the Duqu computer virus that experts say is based on Stuxnet, the so-called "cyber-weapon" discovered last year and believed to be aimed at sabotaging the Islamic Republic's nuclear sites.

The head of Iran's civil defense organization told the official IRNA news agency that computers at all main sites at risk were being checked and that Iran had developed software to combat the virus.

"We are in the initial phase of fighting the Duqu virus," Gholamreza Jalali, was quoted as saying. "The final report which says which organizations the virus has spread to and what its impacts are has not been completed yet.

"All the organizations and centers that could be susceptible to being contaminated are being controlled," he said.

News of Duqu surfaced in October when security software maker Symantec Corp said it had found a mysterious virus that contained code similar to Stuxnet.
Iran's PressTV says:
Iran has developed a software program that can “control” the newly discovered Duqu spyware, the director of Iran's Passive Defense Organization has announced.

“The software, capable of controlling this virus (Duqu), has been provided to organizations and institutions,” IRNA quoted Brigadier General Gholamreza Jalali as saying on Sunday.

The Duqu malware has reportedly infected a number of systems in Iran.

“All of the centers and apparatuses suspected of being infected with the virus are under control,” Jalali said, adding that countering and cleansing processes have been carried out at the infected institutions.
It is unclear what exactly Iran is claiming. Microsoft has been unable to create a patch for the exploit being used by Duqu yet, but it did release a workaround.

Duqu installs a Trojan that steals data from machines, seemingly as a precursor for a much bigger attack. It seems to have a lot of code in common with Stuxnet which is widely believed to have been written by a nation-state to attack Iran's nuclear program.