Alleged Israeli virus does much more than eavesdrop

Hacker; Photo: Shutterstock

Expert Jeff Bardin told Business Insider the virus used to spy on the Iran talks can access sensitive files, personal details, and more.

The Duqu 2 virus, which foreign sources claim Israel planted in order to spy on the Iran nuclear talks, has significant capabilities beyond eavesdropping. Treadstone 71 CIO Jeff Bardin told Business Insider that the virus can also access sensitive files, individuals personal details, passwords, and more.

Since Duqu uses root capabilities and exploits vulnerabilities that allow for an elevation of privileges, Duqu can be used to install other code that can keystroke log, record conversations, record video, extract files, track any activity that occurs on the infected Windows PC or laptop. This includes the capturing of user IDs, passwords, and sensitive files."

Bardin added, Once the code is installed, most anti-virus software cannot detect or remove this malware. Duqu allows for the complete takeover of the target Windows devices.

The Wall Street Journal reported yesterday that Internet-security company Kaspersky believes that someone planted the Duqu virus in the hotels at which the Iran nuclear talks were held, in order to spy on them. Foreign sources believe that Israel is behind the attack. Israel was silent on the matter until this morning, when Israels Deputy Minister of Foreign Affairs Tzipi Hotovely denied Israels involvement.

There is no basis for the international reports claiming Israel was involved in the matter, Hotovely told Israel Army Radio (Galei Tzahal) today. Whats much more important is that we prevent a bad deal, otherwise, at the end of the day, we will find ourselves under Irans nuclear umbrella.

No Israeli official other than Hotovely has issued a response, and the government is remaining silent on the matter.

Casaba Security co-founder and Managing Principal Chris Weber told Business Insider that the new, updated version of the Duqu virus, Duqu 2.0, "is an extremely advanced malware platform with delivery mechanisms on par with Stuxnet." (In 2012, it was reported that Israel and the US had planted the Stuxnet worm in the Iran nuclear facility and disrupted its operation.)

Weber added, "Once infected, the Duqu platform offers its operators ability to install either a simple, memory-resident backdoor or a more persistent and fully featured command and control package. After that, the platform allows for leverage into other parts of the network."

Weber called Duqu 2.0 "bad-ass," and believes malware to be "the tool of choice for nation-state spying."

Published by Globes [online], Israel business news - - on June 11, 2015

Copyright of Globes Publisher Itonut (1983) Ltd. 2015

Hacker; Photo: Shutterstock
Hacker; Photo: Shutterstock
Twitter Facebook Linkedin RSS Newsletters Israel Business Conference 2018