November 14, 2011, 12:11 PM — The head of Iran's civic defense organization told a government-controlled news agency that digital security scans had found the Duqu virus infecting some systems in the country, but that the infection was under control.
Brigadier General Gholamreza Jalali said Sunday that all Iran's critical military and research sites were being scanned for further infections, but that the first contaminations were contained and on the way to being eliminated using antivirus software developed by Iranian cybersecurity teams.
"The software to control the (Duqu) virus has been developed and made available to organisations and corporations" in Iran, Jalali said, according to the official IRNA news agency.
"The elimination (process) was carried out and the organizations penetrated by the virus are under control ... The cyber defense unit works day and night to combat cyber attacks and spy (computer) virus," he added.
Duqu, discovered by the Laboratory of Cryptography and System Security (CrySyS) in Budapest in October, appears to be the next-generation version of Stuxnet, the militarized virus discovered while attacking Iranian nuclear-fuel development facilities in 2010.
Duqu appears to be designed more as a pure espionage tool, however, rather than one intended to penetrate and sabotage industrial systems, according to analyses by Symantec, Kaspersky Labs and other security firms.
It is also a shape-shifter that is changed by its authors for each new site it attacks, and reconfigures itself on the fly by adding new modules, changing the processes it infects and the way it communicates with its command-and-control servers.
Iranian nuclear development facility. Reuters/Raheb Homavandi