political writings

Français    English    Italiano    Español    Deutsch    عربي    русский    Português

Iran Stops Israeli Duqu Virus Attack

Iran’s defense computer systems have been able to identify and control a "supervirus" similar to the one the US and Israel created to damage Tehran’s nuclear program last year, officials in Tehran said.

15 November 2011

Anti-virus experts have identified a virus called Duqu that they said shared properties with the Stuxnet worm apparently created by Mossad, the Israeli security service. It was thought to have targeted the nuclear program’s centrifuges, the devices that enrich uranium to create nuclear fuel.

Iran has confirmed some of its computer systems were infected with the Duqu trojan, but said it has found a way to control the malware.

Security organizations had previously identified Iran as one of at least eight countries targeted by the code.

The spyware is believed to have been designed to steal data to help launch further cyber attacks.

The sender has not been identified, but researchers have found a reference to a US television program in Duqu’s code.

"We are in the initial phase of fighting the Duqu virus," said Gholamreza Jalali, the head of Iran’s civil defense organization.

"The software to control the virus has been developed and made available to organizations and corporations," Jalali added.

"All the organizations and centers that could be susceptible to being contaminated are being controlled."

"The final report which says which organizations the virus has spread to and what its impacts are has not been completed yet."

Mossad and other Western intelligence agencies have made no comment on sabotage operations against Iran, but the US and Israeli leaders never hide their pleasure in anti-Iran moves, irrespective of their nature.

The Stuxnet virus alter the speed at which the enrichment centrifuges spin until they go out of control. It was so sophisticated that experts said it must have been the work of an advanced, probably national, sabotage program. Duqu operates differently, though using some of the same code to infiltrate computers, sending back information to its handlers rather than breaking down systems. The virus was spread through an infected Microsoft Word document.

Symantec, the computer security firm, which has led investigations into Stuxnet and Duqu, said the new virus seemed to be intended to gain remote access to computer systems.

"The authors had access to the Stuxnet source code," Symantec said. "The attackers are looking for information such as design documents that could help mount an attack on an industrial control facility. Duqu is essentially the precursor to a Stuxnet-like attack."

Fars New Agency - 2011-11-15