Feeds

Iran wrestles Duqu malware infestation

Son of Stuxnet cyberweapon makes landfall in Tehran

The Power of One eBook: Top reasons to choose HP BladeSystem

Iran admitted on Sunday that unspecified computer systems in the country had been infected with the Duqu worm, a strain of malware similar to the infamous Stuxnet worm that sabotaged key nuclear plant systems in the country last year.

The head of Iran's civil defence organization told the official IRNA news agency that the outbreak was under control. "The software to control the [Duqu] virus has been developed and made available to organisations and corporations," Brigadier General Gholamreza Jalali said, AFP reports.

"The elimination [process] was carried out and the organisations penetrated by the virus are under control... The cyber-defence unit works day and night to combat cyber attacks and spy [computer] viruses," he added.

Duqu was discovered in early September by computer scientists at the Budapest University of Technology and Economics. Subsequent analysis by anti-virus analysts at Symantec, F-Secure and others revealed the malware was closely related to the earlier Stuxnet worm, albeit probably designed for a different purpose.

The worm, like Stuxnet, features a forged digital certificate and makes use of Windows zero-day exploits. But Stuxnet made use of three zero-day exploits, Duqu uses just one (a flaw involving the TrueType font parsing engine).

Stuxnet was designed to infect industrial control systems and narrowly focused on screwing up the operation of any high-speed centrifuges connected to these systems, such as the kit Iran uses to enrich uranium. While Stuxnet was designed for sabotage, Duqu appears to be built with reconnaissance in mind. The malware collects information from infected systems, possibly in preparation for future attacks.

Jalali described Duqu as the third virus to hit Iran following Stuxnet and the Stars worm it said it detected in April. It's unclear if Stars is also related to Stuxnet. Oddly, and rather suspiciously, samples of stars have not come into the possession of Western anti-virus firms, leading some to publicly question whether the malware was anything more than a propaganda ploy by Tehran. ®

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.