Thursday 22 March 2012
Reworked version of Stuxnet found in Iran
msnbc.com -- A new variant of the mysterious Duqu worm has been spotted in Iran by researchers from the security firm Symantec, marking the re-emergence of the close cousin of the Stuxnet cyberweapon after five months of dormancy. The finding indicates that the unknown creators of Stuxnet — suspected by many to be the intelligence services of the U.S., of Israel or of both — are still at work.

In a Symantec blog posting Tuesday, the company identified a new component of the malware, a driver used to load Duqu onto computers when they restart. Analyzing the driver's code — "only one small part of the overall attack code" — Symantec's researchers found that the malware authors had reworked it to better evade detection by security products. Duqu's builders also changed its encryption algorithm and rigged the malware loader to pose as a Microsoft driver. (The old driver was signed with a stolen Microsoft certificate.)

"Although we do not have all of the information regarding this infection, the emergence of this new file does show that the attackers are still active," Symantec wrote.

First discovered in September 2011, but bearing code indicating it was created in 2007, Duqu is closely related to the Stuxnet worm, which in the summer of 2010 infected and crippled Iran's Natanz nuclear-fuel processing facility.

Duqu's true intentions are unclear. Some security experts believe it is designed to steal data from critical industrial-control systems in Iran and Europe, similar to the energy facilities Stuxnet targeted; others believe it is meant to steal the authentication certificates that websites use to verify their identities. Whatever its intent, countries including Iran, Sudan, India, Vietnam, Ukraine, Switzerland, France and the Netherlands have confirmed Duqu infections.

Just days ago, researchers at another security firm, Kaspersky Lab, identified the mysterious programming language used to create part of Duqu after appealing to the larger security community for help.

The latest Duqu component, Symantec said, was compiled Feb. 23, indicating it hasn't been in the wild for very long. The last unique version of Duqu that Symantec had previously spotted was compiled on Oct. 17, 2011.

Dennis Fisher from Kaspersky Lab, which has spent numerous hours studying Duqu, wrote in a blog posting March 20 that, based on the new Duqu variant, it appears that the worm is specifically tailored to each target. "Rather than writing one piece of malware and spreading it to a large potential victim base, the crew behind Duqu had a small, specially selected group of targets, each of which got its own specifically crafted component and drivers," Fisher wrote.