Organisations infected by virus under control, claims defence official
Iran has said that a new software developed in the country is fighting the Duqu computer virus, after the cyber weapon was detected in some main sites.
The malware creates files with "DQ" in the prefix and has been dubbed Duqu.
Computer security company Symantec had first mentioned about the virus, which it said was similar to the Stuxnet worm that targeted Iran’s nuclear centrifuges last year.
"The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility," Symantec had said in October.
"Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.
"Duqu is essentially the precursor to a future Stuxnet-like attack," Symantec said.
Stuxnet is a malware that targets control systems built by German firm Siemens. It is believed the Stuxnet virus was originally developed to disrupt Iran’s nuclear programme. Analysis by computer security experts has showed it exploited no fewer than four previously unknown vulnerabilities in Microsoft Windows to take over industrial control systems, making it more sophisticated than any virus seen before.
Stuxnet targeted industrial control systems sold by Siemens that are widely used around the globe to manage everything from nuclear power generators and chemical factories to water distribution systems and pharmaceuticals plants.
Once inside a Windows systems, the self-replicating code looks for connections to Siemens industrial control systems exploiting more vulnerabilities in the Siemens’ own operating system to make clandestine adjustments to industrial processes.
However, Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT). Symantec said. "The threat does not self-replicate."
Soon, Russian security company Kaspersky Lab declared that Duqu and Stuxnet were different worms. Experts at the computer security firm have claimed to have found new instances of Duqu and tracked down a user in Sudan and three others in Iran using the cloud-based Kaspersky Security Network.
Now, Iran has officially announced that the country is fighting the malware.
The head of Iran’s civil defence organisation Gholamreza Jalali told the IRNA,"We are in the initial phase of fighting the Duqu virus.
"The final report which says which organisations the virus has spread to and what its impacts are has not been completed yet.
"All the organisations and centres that could be susceptible to being contaminated are being controlled," he said.
Jalali said Duqu is the third known malware to hit Iran, after Stuxnet and another virus dubbed ‘Stars.’
Jalali also said that organisations infected by the worm are under control.
"The elimination [process] was carried out and the organisations penetrated by the virus are under control … The cyber defence unit works day and night to combat cyber attacks and spy [computer] virus," he said.