Feeds

Iran wrestles Duqu malware infestation

Son of Stuxnet cyberweapon makes landfall in Tehran

Beginner's guide to SSL certificates

Iran admitted on Sunday that unspecified computer systems in the country had been infected with the Duqu worm, a strain of malware similar to the infamous Stuxnet worm that sabotaged key nuclear plant systems in the country last year.

The head of Iran's civil defence organization told the official IRNA news agency that the outbreak was under control. "The software to control the [Duqu] virus has been developed and made available to organisations and corporations," Brigadier General Gholamreza Jalali said, AFP reports.

"The elimination [process] was carried out and the organisations penetrated by the virus are under control... The cyber-defence unit works day and night to combat cyber attacks and spy [computer] viruses," he added.

Duqu was discovered in early September by computer scientists at the Budapest University of Technology and Economics. Subsequent analysis by anti-virus analysts at Symantec, F-Secure and others revealed the malware was closely related to the earlier Stuxnet worm, albeit probably designed for a different purpose.

The worm, like Stuxnet, features a forged digital certificate and makes use of Windows zero-day exploits. But Stuxnet made use of three zero-day exploits, Duqu uses just one (a flaw involving the TrueType font parsing engine).

Stuxnet was designed to infect industrial control systems and narrowly focused on screwing up the operation of any high-speed centrifuges connected to these systems, such as the kit Iran uses to enrich uranium. While Stuxnet was designed for sabotage, Duqu appears to be built with reconnaissance in mind. The malware collects information from infected systems, possibly in preparation for future attacks.

Jalali described Duqu as the third virus to hit Iran following Stuxnet and the Stars worm it said it detected in April. It's unclear if Stars is also related to Stuxnet. Oddly, and rather suspiciously, samples of stars have not come into the possession of Western anti-virus firms, leading some to publicly question whether the malware was anything more than a propaganda ploy by Tehran. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.