Security researcher says Iran to blame for its own Duqu infections
Country's refusal to share 'Stars' sample in April gave attackers half-year head start, says expert
Computerworld - An Iranian government official yesterday acknowledged that the Duqu attacks had infected computers in the country but claimed that the Trojan was "under control," according to a report by a state-run news agency.
In response, an antivirus researcher blamed Iran for giving hackers a half-year's free hand with Duqu, saying that Iran's policy of not sharing samples delayed the detection of the malware and the patching of the Windows zero-day it exploited.
On Sunday, Brigadier General Gholamreza Jalali told the official IRNA news agency that some computers in Iran had been infected with Duqu, that possible targets were being checked for infections, and that the country's specialists had crafted defenses against the Trojan.
Jalali heads Iran's Passive Defense Organization, a military unit responsible for constructing and defending the country's nuclear enrichment facilities. He is a former commander in Iran's Revolutionary Guard.
"The software to control the (Duqu) virus has been developed and made available to organizations and corporations [in Iran]," Jalali told IRNA, according to translations of the original story by Western news outlets. "The elimination (process) was carried out and the organizations penetrated by the virus are under control."
Iranian officials made similar statements last year about the Stuxnet worm, an ultra-advanced piece of malware that most analysts believe was aimed at Iran's budding nuclear program.
Some security experts, including researchers at Symantec, have said that Duqu may be a precursor to another Stuxnet -- the two share several similarities -- although the former seems designed for reconnaissance and data theft, not for an attack on physical facilities.
Moscow-based Kaspersky Lab suspects that Iran was hit with Duqu in April 2011.
"Most probably, the Iranians found a keylogger module that had been loaded onto a system ... [and] it's possible that the Iranian specialists found just the keylogger, while the main Duqu module and the dropper, including the documents that contained the then-unknown vulnerability, may have gone undetected," Kaspersky noted last Friday.
Like most modern malware, Duqu is composed of several pieces: an exploit for a Windows kernel-mode driver vulnerability, a "dropper" that installs additional malicious code, a keylogger that records keystrokes (and with them typed usernames and passwords), and a data theft component.
The keylogger bundled with a Duqu variant that Kaspersky obtained from Sudanese researchers contained a photograph of a far-away galaxy, which may have been the genesis of Iran's naming the malware as Stars. The attack against the Sudanese target was also conducted in April 2011.