Iranian defense systems hit by 'Duqu' super virus

Andre Yoskowitz
14 Nov 2011 13:33

Iran has confirmed today that their computer defense systems have been hit by the super-virus dubbed "Duqu."
Last year, the "Stuxnet" worm successfully knocked out the Iranian nuclear centrifuges, the devices used to enrich uranium.

Says Gholamreza Jalali, the head of Iran's civil defense program:

We are in the initial phase of fighting the Duqu virus. The final report which says which organisations the virus has spread to and what its impacts are has not been completed yet.

All the organisations and centers that could be susceptible to being contaminated are being controlled.

Duqu, unlike Stuxnet which actually altered the speed of the centrifuges causing them to break down, seems to be aimed at gaining remote access to computer systems.

Security firm Symantec had this to say about Duqu (via The Telegraph):

It is apparent to Symantec that the authors of this new threat had access to the Stuxnet source code, not just Stuxnet binaries.

Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party.

The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility. Thus, Duqu is essentially the precursor to a future Stuxnet-like attack.