x Abu Dhabi, UAETuesday 25 July 2017

Trojan attack may not be limited to Iran

Fears virus that forced oil terminal off-line will spread to region.

DUBAI // Experts are investigating whether a cyberattack aimed at Iran's oil sector this week could pose a threat to the region.

The malicious software, a Trojan virus that has not yet been named, came to light on Sunday when Tehran announced that its main oil-export terminal had been disconnected from the internet to stop the virus spreading to refineries.

A Trojan is a type of malware designed to give remote control of one computer to another in order to inflict damage or steal information. Famous Trojans have included Zeus and Netbus.

Iran has faced other cyberthreats in recent years, foremost among them Stuxnet, a worm that disrupted operations in nuclear centrifuges and spread to the region and infected computers in many nations, including more than 200 in the UAE.

While the nature of the latest virus is unclear, if it is as infectious as Stuxnet it is unlikely to be contained in Iran, said David Michaux, a computer forensics investigator in Dubai.

"It would be difficult for it to specifically target just Iran, because when you do something like this it works by targeting an operating system rather than a country," Mr Michaux said.

But he said he had not yet heard of any infections occurring outside of Iran.

Kaspersky Lab, a major anti-virus company based in Moscow, said this week that it believed the creators of Stuxnet and Duqu, another Trojan that was initially aimed at Iran, might have created further malware.

A company spokesman yesterday described how the new virus wreaks havoc.

"Preliminary data suggests that files on several computers were overwritten with garbage code, after which the hard disks on the targeted systems were wiped clean by a malicious program," the spokesman said.

"At the present time we have not identified any of the files of the malicious program that wipes the system clean."

mcroucher@thenational.ae