Tuesday, November 15, 2011

Duqu computer virus Detected by Iran civil defense organization

          The virus is called W32.Duqu, or just Duqu create fear after the opening Pandora’s Box of Stuxnet. The head of Iran's civil defense organization told the official IRNA news agency that computers at all main sites at risk were being checked and that Iran had developed software to combat the virus.

          First, Duqu is not deigned to harm industrial automation. The software basically attacks windows systems. Instead of sabotaging industrial control, Duqu has been general remote access capabilities. Duqu has a key logger and can save passwords etc.. The malware uses HTTP and HTTPS to communicate to a command and control (C&C) server at 206.183.111.97, which was hosted in India, the IP is inactive as of October 18th. Duqu infiltrates systems directly it is not a worm like Stuxnet and needs to be placed directly, e.g. through infected mails.
"We are in the initial phase of fighting the Duqu virus. The final report which says which organizations the virus has spread to and what its impacts are has not been completed yet. All the organizations and centers that could be susceptible to being contaminated are being controlled.

So far Duqu was found on less than 10 computers from European companies, which are developing industrial control software, according to a Symantec-Analyst. The software is programmed to remove itself automatically after 36 days. The complete set up: Invades target (not wormlike), spies out passwords, and removes itself – hopefully without being detected – seems like Duqu actually prepares an attack. This is also assumed by F-secure, “it’s possible we'll eventually see a new attack targeting PLC systems, based on the information gathered by Duqu.”

0 comments:

Post a Comment