Iran Fights Off Duqu Malware Attack

The Islamic Republic of Iran has publicly confirmed that its computer systems were targeted by the Duqu worm, but claims to have successfully “controlled” the attack.

The admission came in an official Iranian statement, and it is not clear at the time of writing whether Duqu also struck Iran’s nuclear facilities.

“We are in the initial phase of fighting the Duqu virus,” Brigadier General Gholamreza Jalali, the head of Iran’s civil defence programme, was widely quoted as saying.

Attack Controlled

But Iran also claimed that it had found a way to “control” Duqu.

“The software to control the (Duqu) virus has been developed and made available to organisations and corporations” in Iran, Jalali told the official Iranian IRNA news agency.

“The elimination (process) was carried out and the organisations penetrated by the virus are under control … The cyber defence unit works day and night to combat cyber attacks and spy (computer) virus,” he said, adding that a final report into the attack was been organised.

Third Malware Attack

This is not the first time that Iran has been attacked by malware. The best known previous attack was with the Stuxnet worm, which compromised several industrial control systems at Iran’s Natanz nuclear facility last year.

Security firm Symantec has revealed that Duqu is similar to Stuxnet, which is capable of attacking and crippling industrial control systems made by German industrial giant Siemens. Last month Indian authorities seized hard drives from a server linked with the Duqu worm.

Stuxnet was considered one of the most sophisticated pieces of malware ever developed, and observers believe Iran’s nuclear program was set back a number of years by the malware attacks.

After Stuxnet, in April 2011 officials said the country’s facilities had been targeted again by a second piece of malware dubbed “Stars”.

Malware Author

Speculation has been ongoing about who actually developed Stuxnet, Stars, and Duqu, and whether a nation state was behind the worm, which takes advantage of a previously unknown Microsoft Windows kernel zero-day vulnerability, so it can plant malicious code in the heart of a computer system. Microsoft has subsequently issued a temporary Duqu workaround.

In January the New York Times reported that US and Israeli intelligence services had collaborated to develop Stuxnet in order to sabotage Iran’s efforts to make a nuclear bomb.

Whatever the truth, the malware attacks come at a time of heightened tension with Iran. A report last week from the International Atomic Energy Agency said that there was “credible evidence” that there were “military dimensions” to Iran’s atomic activities.