Just when they thought it was safe to go back to building an A-Bomb, Iran may have to face a new computer worm designed to screw up its nuclear program. First there was the Stuxnet computer virus that wreaked havoc on Iran’s nuclear centrifuges. Then came STARS. Now comes “Duqu,”a spy worm that seems to be setting up the next attack on Iran’s nuke program.
Stuxnet is the virus which infected the computers running the Iranian nuclear centrifuges for almost two years causing them to be damaged. The job of the centrifuge is to purify Uranium so it could be used for reactors and/or weapons. Stuxnet “took control” of the centrifuge and spins them of control so they burn out. While no country has taken credit for Stuxnet, there is evidence that Israel is probably behind the computer worm…evidence of biblical proportions. Computer Scientists who were analyzing the Stuxnet virus file name that seemingly refers to the Biblical Queen Esther.
Last November, the UN said Iran had temporarily halted most of its uranium enrichment. It is clear that this cyber-attack has slowed down Iran’s march toward a nuclear weapon. Both the United States and Israel have pushed back their time-lines saying that Iran is now a few years away from achieving nuclear weapons.
Six Months ago the head of an Iranian civil defense organization announced the STARS virus. He said the so-called Stars virus is compatible with the targeted computer system, but he did not specify the target or what the virus might do. He said that Stars is part of a cyber-war against Iran’s nuclear program (you think?).
The latest virus is more of a spy than an attack:
Symantec (the maker of Norton) said in a report it was alerted by a research lab with international connections to a malicious code that “appeared to be very similar to Stuxnet.” It was named Duqu because it creates files with “DQ” in the prefix.
Symantec said samples recovered from computer systems in Europe and a detailed report from the unnamed research lab confirmed the new threat was similar to Stuxnet.
“Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose,” Symantec said. “Duqu is essentially the precursor to a future Stuxnet-like attack.”
Duqu does not take over computers the way Stuxnet did, it is a spy, it gathers data from industrial control system manufacturers so it could lunch attacks (or create another attack virus) by capturing information including keystrokes.
According to Michael Sconzo, a senior security officer at worldwide computer security company RSA, the new virus embeds itself in computer systems for 36 days and “analyzes and profiles” the system’s workings before sending its findings out to a a secure server and self destructing.
“It’s an intelligence operation,” he told FoxNews.com. “We still aren’t sure of all the things it looks for yet but it is a likely precursor to an attack. It is a Trojan horse.”
But he said its intention is to to allow its users to understand the inner workings of the targeted computer system to create malware that can attack the system.
According to a Russian Maleware expert Sergey Golovanov, Duqu was created by a sophisticated government security apparatus, the same one that came up with Stuxnet. He says their latest effort is their best.
“Right now we are pretty sure that is the next generation of Stuxnet,” Golovanov said in a telephone interview from Moscow on Friday. IT security firms are putting some regular threats, like botnets, on hold as they try to figure out what’s behind Duqu, considered the offspring of the Stuxnet worm.
….Unlike Stuxnet, which infected many systems but looked for a specific target, Duqu infects a very small number of very specific systems around the world, but may use completely different modules for infiltrating those separate systems. It is going undetected, for the most part.
If Duqu, like Stuxnet sets up the Iranian weapons program for more delays, then this hacker deserves a Nobel Peace Prize.