Iran announced today that the new computer worm Duqu has infected a number of systems in the country, but a software program to “control” it has already been developed and distributed to affected installations [IRNA, 14 November]. The Duqu malware is believed to share code base with the Stuxnet. The latter is believed to have caused major damages at the country’s nuclear facilities. It was not known if the new worm was also targeting those same installations. Duqu was discovered on 1 September at a University of Budapest laboratory.
In an address to a government-sponsored nuclear disarmament conference in Tehran on Monday, Ali Bagheri, the deputy director of Iran’s national security council, called on IAEA to open an investigation on the Stuxnet attack on the country’s nuclear facilities and the people behind the attack. Bagheri called the attackers “nuclear terrorists.” [Xinhua, 14 June].
Bagheri’s request was in effect the highest-level official announcement that the Stuxnet worm had infected the computers at Iran’s nuclear facilities. Iran’s Ministry of Foreign Affairs had previously denied reports that Stuxnet had affected the nuclear computer systems. The computer worm is specifically written to attack Windows-based SCADA systems which are used to control and monitor industrial processes, including those used in nuclear facilities.
Computer security software company Symantec today said it could not verify Iran’s claims of new worm, dubbed ‘Stars’ by the commander of civil defense force of Iran. The company’s security response group has not found an example of the worm.
"Generally, samples of malware do get traded among security vendors," said Kevin Haley, the director of Symantec's security response group. ”Iran makes this a little more difficult, because we have no direct relationships there," added Haley. "But perhaps someone else does" [Computerworld, 26 April].
No other security vendor, including Helsinki-based F-Secure and UK’s Sophos, has stepped forward to say it has a copy of Stars. It's possible that Stars was not a targeted attack aimed at Iran, but simply part of a more traditional broad-based assault, said Haley.
"It could be a mass attack that got through their defenses," Haley said. "That could have raised the alarm. They're already paranoid about attacks."
"We can't tie this case to any particular sample we might already have," said Mikko Hypponen, F-Secure's chief research officer. "We don't know if Iran officials have just found some ordinary Windows worm and announced it to be a cyber war attack." [Computerworld, 26 April].
Graham Cluley, a senior security technology consultant at Sophos, also said his company had not been able to identify the malware.
Iran has been hit with new computer virus named ‘Stars.’ Mehr News Agency quoted commander of Iran’s civil defense force Qolam Reza Jalali that the experts were still investigating the scope of the malware’s capabilities and damages caused. Jalali did not disclose the targets and the dates of the attack.
"Certain characteristics about the 'Stars' virus have been identified, including that it is compatible with the system," Jalali said. "In the initial stage, the damage is low and it is likely to be mistaken for governmental executable files," he added [Mehr News Agency, 25 April].
In December, Iran admitted the country’s uranium enrichment plant in Natanz had been the victim of the computer worm Stuxnet.
"Confronting the Stuxnet virus does not mean that the threat has been fully removed, since viruses have a certain life span and it is possible that they continue their activity in a different form," Jalali commented.
The Commander of Civil Defense Organization of Iran Qolam Reza Jalili today said in Tehran that the US and Israel were behind the computer worm Stuxnet attacks on the nuclear facilities in the country.
Jalili becomes the first Iranian official to accuse the US and Israel over the Stuxnet attacks. The Bushehr nuclear power plant was reportedly among the targets, where several technical problems have been blamed for delays in getting the facility fully operational.
Jalali said once the worm mounts on a system, it begins to gather information and then sends reports from the infected machines to designated Internet addresses.
"Investigations and studies show that the source of Stuxnet originates from America and the Zionist (Israel) regime," Jalali, said. "After following up the (Stuxnet-generated) reports that were sent out, it became clear that the final destinations were the Zionist regime and the American state of Texas," he added [IRNA, 16 April].
Iran’s Atomic Energy Organization (AEOI) today confirmed reports that it would be removing fuel from the Bushehr nuclear reactor, signaling a serious problem developing in the plant, delaying its startup. Iran's ambassador to IAEA, Ali Asghar Soltanieh, told the Iranian news agency ISNA that Russian engineers who build the plant had advised that the fuel be unloaded for test.
"Based on Russia's request to run tests and technical measures, the fuel will be unloaded from the core of the reactor and will be returned to it after completion of the tests," Soltanieh said [ISNA, 26 February].
Last month, citing the adverse affects of Stuxnet computer worm on Bushehr’s safety, the Russians raised serious concerns over starting up the power plant in April as scheduled. The removal of the fuel indicates that Stuxnet may have caused serious harm to the 1,000-megawatt reactor.
IAEA, which mentioned the fuel problem in its report on Friday, would now supervise the fuel unloading procedure, Soltanieh said.
Iran’s acting foreign minister and atomic energy chief said in Tehran on Thursday that the Bushehr nuclear reactor will go online on 9 April.
”We hope that on Farvardin 20 (April 9) we will witness the connection of the plant to the national grid,” Salehi said. “We have said before that due to some tests, we may have face delays but these delays are around a week or two,” he added.
Salehi again reiterated that the computer worm Stuxnet had not entered the “main systems” at Bushehr and that Iranian engineers are “pursing work with the Russians while observing all the safety issues.”
Salehi’s comments on safety issues and cooperation with the Russians was apparently in response to a strong warning by Russia that Stuxnet attack on Bushehr could have triggered a nuclear disaster on the scale of Chernobyl.
"This virus, which is very toxic, very dangerous, could have very serious implications," said Dmitry Rogozin, Russia's ambassador to NATO on Thursday [AFP, 27 January].
Rogozin described the virus's impact as being like explosive mines. “These 'mines' could lead to a new Chernobyl,” he added.
Iranian officials have confirmed the Stuxnet virus hit staff computers at the Bushehr plant but have said it had not affected major systems.
Iran's chief nuclear negotiator Saeed Jalili accused the US for cyberattack on his country’s nuclear facilities. In an interview with NBC News on Monday, Jalili said the Stuxnet did not wreak as much damage as the media (The New York Times) have reported.
"Those who have done that could see now that they were not successful in that and we are following our success," Jalili said.
Jalili’s comments came after The New York Times reported that US and Israeli intelligence services collaborated to develop the destructive computer worm in a bid to sabotage Iran's nuclear program.
Jalili expressed optimism that despite the differences with the West, progress could be made at the talks between Tehran and six world powers due to get underway on Saturday in Istanbul. But he added that Iran will not bow to demands to halt its uranium enrichment activities and repeated Iran’s position that the country was not planning to build a bomb.
"We frankly and bluntly mentioned that nuclear weapons are illegitimate and inefficient and they could not help those countries that have the nuclear weapons," Jalili said.
According to a report published in today’s issue of The New York Times, Israel tested the effectiveness of Stuxnet worm on centrifuges virtually identical to those used at Iran’s uranium enrichment facility in Natanz and the destructive worm has since wiped out a fifth of Natanz centrifuges, delaying Iran’s nuclear program and its ability to build a bomb. The report strongly suggests that the virus was designed as an Israeli-American project to sabotage the Iranian program.
The worm itself was designed to send the Iranian centrifuges “spinning widely out of control,” the report says. The worm was also designed to “secretly record” Natanz normal operations and plays back the readings to Natanz operators so it would appear that “everything was operating normally” while the centrifuges were spinning out of control.
To read the entire Times article, click here.
Stuxnet is a malicious software code that is attacking industrial control systems, altering their codes, and allowing the attacker(s) to gain control of the physical machinery and equipment within a plant. Microsoft has estimated that Stuxnet has infected 45,000 computers by August.
The Iranian government has denied published reports that the advanced cyber worm “Stuxnet” has compromised the computers at the country’s first nuclear reactor in Bushehr. Iranian Foreign Ministry Spokesman Ramin Mehmanparast told reporters in Tehran today that the report was part of propaganda against Iran.
