Feeds

Iran wrestles Duqu malware infestation

Son of Stuxnet cyberweapon makes landfall in Tehran

Protecting against web application threats using SSL

Iran admitted on Sunday that unspecified computer systems in the country had been infected with the Duqu worm, a strain of malware similar to the infamous Stuxnet worm that sabotaged key nuclear plant systems in the country last year.

The head of Iran's civil defence organization told the official IRNA news agency that the outbreak was under control. "The software to control the [Duqu] virus has been developed and made available to organisations and corporations," Brigadier General Gholamreza Jalali said, AFP reports.

"The elimination [process] was carried out and the organisations penetrated by the virus are under control... The cyber-defence unit works day and night to combat cyber attacks and spy [computer] viruses," he added.

Duqu was discovered in early September by computer scientists at the Budapest University of Technology and Economics. Subsequent analysis by anti-virus analysts at Symantec, F-Secure and others revealed the malware was closely related to the earlier Stuxnet worm, albeit probably designed for a different purpose.

The worm, like Stuxnet, features a forged digital certificate and makes use of Windows zero-day exploits. But Stuxnet made use of three zero-day exploits, Duqu uses just one (a flaw involving the TrueType font parsing engine).

Stuxnet was designed to infect industrial control systems and narrowly focused on screwing up the operation of any high-speed centrifuges connected to these systems, such as the kit Iran uses to enrich uranium. While Stuxnet was designed for sabotage, Duqu appears to be built with reconnaissance in mind. The malware collects information from infected systems, possibly in preparation for future attacks.

Jalali described Duqu as the third virus to hit Iran following Stuxnet and the Stars worm it said it detected in April. It's unclear if Stars is also related to Stuxnet. Oddly, and rather suspiciously, samples of stars have not come into the possession of Western anti-virus firms, leading some to publicly question whether the malware was anything more than a propaganda ploy by Tehran. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.