Monday, November 14, 2011

Iran Working to Control Duqu Virus Attack - PC Magazine

Iranian officials have confirmed that the Stuxnet-like Duqu virus hit computers in the country, but said a fix is being provided to those affected.

IRNA, the Iranian news agency, quoted Gholamreza Jalali, head of Iran's civil defense body, as saying that companies and agencies that might have been hit "are being controlled," according to the BBC.

"The software to control the virus has been developed and made available to organizations and corporations," Jalali told IRNA.

Iranian officials are still working on a "final report" about the attacks, BBC said.

Reports of Duqu first emerged in October when international security researchers alerted Symantec about a virus that was similar to Stuxnet but was intended to gather information rather than sabotage certain systems.

"Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers," Symantec said in a blog post. "The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility."

Symantec said Duqu is a "precursor to a future Stuxnet-like attack" and was authored by the same people as Stuxnet, or at least by those who had access to Stuxnet source code.

In a Friday blog post, Kaspersky Lab said that recent evidence suggests work on Duqu could date as far back as 2007, and that attackers are creating custom files for each individual attack.

"Duqu infections are multi-stage operations, but they begin much like many others: with a targeted phishing email. In the cases analyzed by researchers at Kaspersky Lab, the email contains a Word file that includes the exploit code," Kaspersky's Dennis Fisher wrote. "Once a victim opens the file, the exploit fires in the background and begins the installation process. The malware becomes resident in the machine's memory, but it doesn't actually do anything for a few minutes, until the user goes idle. When that happens, the shellcode, which is contained in an embedded font called Dexter Regular, starts its work."

Kaspersky chief malware expert Aleks Gostev has more details in a separate blog post.

Stuxnet made headlines last year when security experts warned that the sophisticated bug could put the nation's critical infrastructure at risk. The Windows-specific computer threat, however, appeared to target Iranian nuclear facilities and infected tens of thousands of IP addresses in the country. A similar threat, known as the Stars virus, also appeared in April.

For more from Chloe, follow her on Twitter @ChloeAlbanesius.
