Duqu shows up in Iran

Duqu, the successor to the Stuxnet worm, has attacked targets in Iran, according to an announcement by the head of Iran's civil defence organization, Gholam-Reza Jalali.

Keen to avoid the problems it had with the original Stuxnet worm, which attacked systems at an Iranian nuclear power station back in 2010, Iran has been jumping on the Duqu infection privately and in the media.

"We are in the initial phase of fighting the Duqu virus," Jalali told news agency Reuters. "The final report which says which organisations the virus has spread to and what its impacts are has not been completed yet."

Duqu was first detected by security outfit Symantec in October, which noticed the coding similarities to Stuxnet. While initially thought to be the offspring of the worm, Duqu now looks as if it could in fact be older than the earlier infection. A driver loaded by the exploit had a compilation date of August 31st 2007, hinting that the malware could have been worked on for at least four years.

Symantec also believes that Duqu would be a precursor to another Stuxnet-like attack, as it appears more bent on gathering data infection than anything else.

For those worried that they might be infected with the Duqu worm, fortunately the Budapest based Laboratory of Cryptography and System Security (CRYSYS) has released a detection tool that purportedly uses simple techniques "to find Duqu infections on a computer or in a whole network".

While CRYSYS does recommend that a security professional handles the search for signs of Duqu, the tool does give anyone a chance to check themselves for signs of the worm. The four executables in the download search for different types of infections and users are advised to follow up on any files that are flagged as suspicious.