Andre Yoskowitz
14 Nov 2011 13:33
Iran has confirmed today that their computer defense systems have been hit by the super-virus dubbed "Duqu."
Last year, the "Stuxnet" worm successfully knocked out the Iranian nuclear centrifuges, the devices used to enrich uranium.
Says Gholamreza Jalali, the head of Iran's civil defense program:
We are in the initial phase of fighting the Duqu virus. The final report which says which organisations the virus has spread to and what its impacts are has not been completed yet.
All the organisations and centers that could be susceptible to being contaminated are being controlled.
It is apparent to Symantec that the authors of this new threat had access to the Stuxnet source code, not just Stuxnet binaries.
Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party.
The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility. Thus, Duqu is essentially the precursor to a future Stuxnet-like attack.