Symantec Claims New Virus Preyed On Iran's Nuclear Program
October 20, 2011

Symantec Claims New Virus Preyed On Iran’s Nuclear Program

U.S. security firm Symantec warned this week that a new virus called "Duqu" is believed to have preyed on Iran's nuclear program.

The security firm said the new virus is similar to Stuxnet but is designed to gather intelligence for future attacks on industrial control systems.

The Duqu received its name because it creates files with the file name prefix "DQ".

"The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered," Symantec said in a statement. "Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party.

The security firm said the virus had been aimed at specific organizations for the purpose of obtaining their assets.

"The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility," Symantec said in a statement.

The company said it had been alerted to the threat on October 14 by a lab with "strong international connections."

Duqu may have been in use since December last year.  The virus is programmed to remove itself from infected systems after 36 days, so no one is sure how many firms have been targeted or how much confidential data has been stolen.

The Stuxnet virus was designed to attack computer control systems made by German industrial giant Siemens and used to manage water supplies, oil rigs, power plants and other infrastructures.


On the Net: