Iran’s nuke-programme targeted again?
In the wake of a United Nations report that points out that Iran might be very close to producing a nuclear weapon, and of speculation that Israel might be planning a pre-emptive strike against Iran, news broke last week of what seems to be a second generation of the computer virus which badly disrupted work at an Iranian nuclear enrichment plant about a year ago.
Computer scientists have discovered malware based on the infamous Stuxnet, widely considered one of the world's most sophisticated viruses.
In a highly detailed report, Symantec says the malware, christened Duqu because it creates files with the file name prefix "~DQ", was uncovered in an organisation based in Europe.
Iranian officials admitted that they had uncovered evidence of the Duqu computer virus – labeled Son of Stuxnet by cyber experts – at the Islamic Republic's nuclear sites, state-controlled IRNA news agency reported.
"We are in the initial phase of fighting the Duqu virus," Gholamreza Jalali was quoted as saying. "The final report which says which organisations the virus has spread to and what its impacts are has not been completed yet."
Stuxnet was a highly sophisticated computer worm that was discovered last year and was thought to have successfully targeted and disrupted systems at a nuclear enrichment plant in Iran. At the time US officials said the worm’s unprecedented complexity and potential ability to physically sabotage industrial control systems — which run everything from water plants to the power grid in the US and in many countries around the world — marked a new era in cyber warfare.
Though no group claimed responsibility for the Stuxnet worm, several cyber security experts have said it is likely a nation-state created it and that the US and Israel were on a short list of possible culprits.
The Duqu virus, which uses parts nearly identical to the Stuxnet cyber weapon, has also been detected on computer systems in Europe and is believed to be a precursor to a new Stuxnet-like attack, a source at the major US-based security company Symantec said.
The new threat, discovered by a Europe-based research lab, is not designed to physically affect industrial systems as Stuxnet was, but apparently is used only to gather information on potential targets that could be helpful in a future cyber attack, Symantec said in its report.
Duqu is designed to record key strokes and gather other system information at companies in the industrial control system field and then send that information back to whomever planted the bug, Symantec said.
If successful, the information gleaned from those companies through Duqu could be used in a future attack on any industrial control system in the world where the companies' products are used, from a power plant in Europe to an oil rig in the Gulf of Mexico.
"Right now it's in the reconnaissance stage, you could say," Symantec Senior Director for Security Technology and Response, Gerry Egan, told ABC News. "[But] there's a clear indication an attack is being planned."
At least two other cyber security companies, F-Secure Security Labs and McAfee Labs, have also analysed some Duqu code, and both came to the conclusion that they were dealing with something coming from the same source as Stuxnet.
“One thing for sure is the Stuxnet-team is still active …” McAfee says on its website.
Stuxnet is said to have cost the Iranians years of nuclear weapons progress, and now Duqu has been running amok in their systems since April. It’s a “remote access Trojan horse” virus that gives hackers access to infected systems.
Like Stuxnet, Duqu fools Windows into allowing it to work by exploiting a stolen digital certificate, taken from a company with headquarters in Taipei, Taiwan. Symantec says that certificate has now been revoked.
Once Duqu has been planted, it immediately starts to communicate with a command and control server based in India. It pulls down additional code such as an infostealer that can record keystrokes and collect other system information that it then sends back to the control server.
To avoid drawing attention to itself, Duqu's traffic looks exactly like normal Web traffic, passing JPEG images. However, bundled with the JPEG is the stolen data in an encrypted format. Then, after 36 days, if it hasn't been detected, Duqu automatically removes itself from the system, so that the owner of a compromised system may never know it was attacked.
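The report quoted above says only that the stolen data is "bundled with the JPEG"; the simplest way for a defender to check an image for that is structural. The following Python is an added example written for this article, not code from Symantec, the other labs or the original page, and it assumes one common placement: payload bytes appended after the JPEG's End-Of-Image (EOI) marker. It walks the segment table so that an embedded thumbnail inside an APP1 segment (which carries its own inner EOI) is not mistaken for the end of the image, then scans the entropy-coded data for the real EOI and reports whatever follows it. The sample JPEG-shaped bytes are constructed inline and are not a decodable picture.

```python
"""
Flag JPEG images that carry data after their End-Of-Image marker.

Added example for defenders (assumption: payload is appended after EOI).
Walks the JPEG segment structure instead of searching for the first
FF D9, because APPn segments may embed thumbnails with their own EOI.
"""
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# Markers with no length field: TEM, SOI, EOI and the restart markers RST0-7.
STANDALONE = {0x01, SOI, EOI} | set(range(0xD0, 0xD8))


def find_jpeg_end(data: bytes) -> int:
    """Return the offset just past the EOI marker; raise ValueError if the
    bytes are not a structurally valid JPEG."""
    if len(data) < 4 or data[0] != 0xFF or data[1] != SOI:
        raise ValueError("no SOI marker: not a JPEG")
    pos, in_scan = 2, False
    while pos < len(data):
        if in_scan:
            # Inside entropy-coded data a 0xFF byte is followed by 0x00
            # (byte stuffing) or an RSTn marker; anything else is a real
            # marker that ends the scan.
            if data[pos] != 0xFF:
                pos += 1
                continue
            if pos + 1 >= len(data):
                break
            nxt = data[pos + 1]
            if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                pos += 2
                continue
            if nxt == 0xFF:  # fill byte, look again from the next 0xFF
                pos += 1
                continue
            in_scan = False  # fall through to ordinary marker handling
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:  # skip fill bytes
            pos += 1
        if pos >= len(data):
            break
        code = data[pos]
        pos += 1
        if code == EOI:
            return pos
        if code in STANDALONE:
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:
            raise ValueError("invalid segment length")
        pos += length  # the length field counts its own two bytes
        if code == SOS:
            in_scan = True
    raise ValueError("no EOI marker found")


def trailing_bytes(data: bytes) -> bytes:
    """Return the bytes that follow the EOI marker (b'' for a clean file)."""
    return data[find_jpeg_end(data):]


def looks_suspicious(data: bytes, threshold: int = 16) -> bool:
    """True if more than `threshold` bytes trail the EOI, or if the data
    served as an image is not a well-formed JPEG at all."""
    try:
        return len(trailing_bytes(data)) > threshold
    except ValueError:
        return True


def build_sample_jpeg() -> bytes:
    """Constructed JPEG-shaped sample (not a real picture): SOI, an APP1
    segment whose payload holds a decoy SOI/EOI pair as an embedded
    thumbnail would, an SOS header, scan data containing a stuffed 0xFF
    and an RST0 marker, and finally the real EOI."""
    app1_payload = b"Exif\x00\x00" + b"\xff\xd8" + b"\xff\xd9"
    app1 = b"\xff\xe1" + struct.pack(">H", len(app1_payload) + 2) + app1_payload
    sos_payload = b"\x01\x01\x00\x00\x3f\x00"
    sos = b"\xff\xda" + struct.pack(">H", len(sos_payload) + 2) + sos_payload
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78\x9a"
    return b"\xff\xd8" + app1 + sos + scan + b"\xff\xd9"


if __name__ == "__main__":
    clean = build_sample_jpeg()
    stuffed = clean + b"\x9c\x07\xe1" * 32  # constructed stand-in for an encrypted blob
    print("clean image trailing bytes:", len(trailing_bytes(clean)))
    print("stuffed image trailing bytes:", len(trailing_bytes(stuffed)))
    print("suspicious:", looks_suspicious(clean), looks_suspicious(stuffed))
```

Run over image responses captured at a proxy or from a packet capture, this catches the appended-payload case only; data hidden inside a legitimate COM or APPn segment, or in the image coefficients themselves, needs a different check (for example, comparing segment sizes against what the declared JFIF/EXIF content justifies). Treating a malformed "image" as suspicious is deliberate: a client that fetches hundreds of images that never decode is itself an anomaly worth a closer look.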
It is too early to tell whether or not we are seeing a next round of cyber warfare unfolding, but then one might never know for sure.
