Published November 14, 2011
Iranian officials admitted Sunday that they had uncovered evidence of the Duqu computer virus -- labeled "Son of Stuxnet" by cyber experts -- at the Islamic Republic's nuclear sites, state-controlled IRNA news agency reported.
"We are in the initial phase of fighting the Duqu virus," Gholamreza Jalali, was quoted as saying. "The final report which says which organizations the virus has spread to and what its impacts are has not been completed yet."
Duqu is the second major weaponized virus to turn computers into lethal weapons with devastating destructive power.
The new program, discovered by Symantec in mid-October with the help of an unnamed research lab, uses much of the same code as the 2010 Stuxnet virus did. But instead of destroying the systems it infects, Duqu secretly penetrates them and, according to some experts, creates “back door” vulnerabilities that can be exploited to destroy the networks at any time its creators may choose.
The original Stuxnet malware was the culmination of a vast technical and espionage effort that had only one target in mind: the Iranian nuclear program. And is widely believed to be the work of the United States and Israel. Experts who looked at the program were amazed at its ability to penetrate Iran’s secure, highly protected security system and destroy it without being detected.
Its success set back the Iranian nuclear program for years.
Roel Schouwenberg, a senior researcher with security analysis firm Kaspersky, told Computerworld on Monday that the new revelations of attacks are not the first: Iran described similar attacks in April and pegged them to a virus it called "stars."
That was Duqu too, Schouwenberg said.
"We're convinced, in at least one of these Duqu attacks, that the keylogger Iran identified as Stars was actually the same as the one included with Duqu," he said.
According to Computerworld, Kaspersky blamed Iran for not sharing the Stars malware with other countries, a move that delayed the public disclosure of the threat.