"Stuxnet opened the door to malware having profound political and social ramifications. While there is still much to be learned from the complexity of this threat, Stuxnet has already changed the way researchers approach malware and view the security threat landscape." says Bulent Teksoz, chief security strategist for Emerging Markets with Symantec.
"While Duqu does not directly target industrial control systems, its discovery has reignited fears about cyberattacks targeted at power plants, water treatment facilities, and chemical plants. Considering the history of Stuxnet, the potential of the same attackers, and currently known targets, we urge industrial control system manufacturers and any other organisations that provide solutions to industrial facilities to audit their network for Duqu," he adds.
Duqu not the same type of threat as Stuxnet
Duqu cannot be described as a worm like Stuxnet, as it does not self-replicate. The manner in which it operates means it is best described as a remote access Trojan. It is configured to run for 30 or 36 days, after which it automatically removes itself from the system it has infected.
Because Duqu has so many similarities to Stuxnet, some in the industry have speculated that it shares its creators with the worm. Stuxnet was labelled the first 'cyber weapon' and raised fears among governments and companies alike. Worryingly, there is no indication of who is behind Duqu and no indication that catching the criminals is a real possibility.
Kaspersky Lab recently revealed that it had found new, previously unknown Duqu files. Alexander Gostev, chief security expert at Kaspersky Lab, says: "This confirms our suspicions that the people behind Duqu are continuing their activity, and their attacks, unlike the mass infections by Stuxnet, target carefully selected victims."
"A unique set of files is used for every targeted attack. It is also possible that other modules are used, and not just a Trojan-Spy but modules with a range of other functions," he adds.
Duqu's customised threats worry experts
The fact that Duqu is customised for specific targets reveals both the sophistication of those behind it and the importance of the targets, the most high profile of which has been in Iran.
Earlier in the month Iran revealed it had caught and controlled the Trojan, developing software which was then distributed to organisations and corporations inside Iran which were under threat. Brigadier General Gholamreza Jalali, head of Iran's civil defence body, was quoted as saying by IRNA: "All the organisations and centres that could be susceptible to being contaminated are being controlled."
References to American culture found in attacks
Vague references to American culture have heightened the suspicions of Iranian officials. One of the emails in which the threat was found was sent from an individual named as Mr B Jason, which Kaspersky Lab believes was a reference to the Jason Bourne spy thrillers. A further, clearer reference was made to the American TV show Dexter.
Iran first complained of cyber attacks on its nuclear facilities last year. These came through the Stuxnet worm, and Iran laid the blame firmly at the feet of the West. In April this year Iran reported a second attack, with a piece of malware called 'Stars'. Stars was a key logging programme; such programmes are capable of taking screenshots and capturing passwords.



Peter Ward, Reporter



