Iran Battling Duqu Malware, Official Admits

The next Stuxnet or just more malware?

The Duqu malware, linked by some experts to last year's notorious Stuxnet attacks, has struck Iran an official in the country has told local news sources.

The scale of the attack is unclear, but looks to be on a much smaller scale than Stuxnet in 2010, which many experts have convinced themselves was part of a concerted targeted attack on Iran's nuclear programme.

"We are in the initial phase of fighting the Duqu virus," Brigadier General Gholamreza Jalali told an Iranian news agency. "The final report which says which organisations the virus has spread to and what its impacts are has not been completed yet."

"All the organisations and centres that could be susceptible to being contaminated are being controlled," he said. Iran was countering Duqu using security unspecified home-grown software, Jalali added without blaming any outside agency for the attack.

"The elimination was carried out and the organisations penetrated by the virus are under control. The cyber-defence unit works day and night to combat cyberattacks."

The provenance of Stuxnet, and now Duqu, is still mysterious. Both are sophisticated, highly targeted in what are relatively esoteric layers of software, and yet security vendors have found it difficult to agree on their real significance. Russia - an ally of Iran - has allowed its officials to pin the blame for Stuxnet on Israel and the US.

The company leading the charge on making connections between Stuxnet and Duqu has been Symantec, which characterised the latter as a more general information-stealing Trojan. Dell SecureWorks, by contrast, was less convinced that the two were the work of the same attackers. Several countries are known to have been affacted by Duqu.

If Stuxnet was hugely suspicious, Duqu is simply odd. Featuring programming elements that appear to be as much as four years old, a key element of its success was its ability to exploit an unusual zero-day Windows kernel vulnerability connected to opening Microsoft Word documents.

Kernel flaws in Windows are a rare occurrence these days mainly because criminals have moved to hunting for easier-to-find and exploit holes in browsers.

Regardless, Stuxnet and perhaps now also Duqu have been awarded the status of being the first significant examples of 'political malware', that is software believed to have been designed to attack the infrastructure of only one country and its allies.

Copyright © 2011 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)