Computer worm enabled spying on Iran talks: researchers

A computer worm designed to gather foreign intelligence and widely linked to Israel was used to spy on negotiations with Iran on curtailing its nuclear program, security researchers said today.
A report by the Russian-based security firm Kaspersky Lab said it discovered the malware dubbed Duqu lurking in its own internal networks and linked the effort to intelligence gathering on the 2014-15 talks with Tehran.
Duqu, which was believed to have been eradicated in 2012, is a sophisticated spy tool similar to the Stuxnet virus.
"The Duqu threat actor went dark in 2012 and was believed to have stopped working on this project -- until now," Kaspersky said in a blog post.

"Our technical analysis indicates the new round of attacks include an updated version of the infamous 2011 Duqu malware, sometimes referred to as the stepbrother of Stuxnet."
The Stuxnet computer virus, believed to have been developed by the United States or Israel in order to contain threats from Iran, dates back at least to 2007, according to researchers.

Kaspersky researchers said the latest version of Duqu was difficult to detect because it did not change any system settings on computer networks.
The researchers first found the malware on their own systems and then discovered it was targeting victims in Western countries, the Middle East and Asia.

"Most notably, some of the new 2014-2015 infections are linked to the P5+1 events and venues related to the negotiations with Iran about a nuclear deal," the company said in a statement.
"The threat actor behind Duqu appears to have launched attacks at the venues where the high level talks took place."
In addition Duqu 2.0 was used to conduct surveillance on politicians and dignitaries attending the 70th anniversary event of the liberation of the Auschwitz-Birkenau concentration camp, according to Kaspersky.
"Besides intellectual property theft, no additional indicators of malicious activity were detected," the statement said.
"The analysis revealed that the main goal of the attackers was to spy on Kaspersky Lab technologies, ongoing research and internal processes. No interference with processes or systems was detected."

The Wall Street Journal, which reported the findings earlier today, said Kaspersky's research backs its earlier reports that Israel was spying on the nuclear talks.