It’s called the Viper. It is a computer virus. Open it once and it propagates and grows in every other file that is opened.
And last month it struck Iran.
That’s the third computer virus to hit Iran in the past eighteen months. But this one, the Viper, is different from the others.
The Viper targeted oil production and oil transfer components within Iran. It also struck the Oil Ministry. On Sunday April 22, the Oil Ministry was shut down and numerous computers were taken offline in an attempt to protect their programs.
The official response from Iran is that no data was lost. That is a true assertion on its face. But the Viper, like its predecessors Stuxnet and DUQU, the other viruses to be set loose on Iran, are not about gathering data. They are about hijacking the system.
No one actually knows who or what created these viruses although the best bet is Israel. For their part, the Israelis have been mum about this latest and all other virus attacks – just as they are about almost every other attack they perpetrate.
Stuxnet was almost certainly manually introduced into a computer through a memory stick, aka a flash drive. This was the only dimension of the cyber attack that required old-style spy activity. A real living. breathing spy was needed to find a computer that was using Siemens hardware and operating on nuclear enrichment. The operative needed only to insert that drive and then the virus would run its course.
Stuxnet hit Iran in September 2010. The virus originated – entered the Siemens system – in China, probably around February of 2010. Along its travels the Stuxnet virus stopped and left calling cards in North Korea infecting that nation’s nuclear program and causing a series of nuclear research malfunctions.
Slowly it made its way to its eventual and ultimate target – Iran. True to form, it only attacked Siemens products that were connected to and working on nuclear and uranium enrichment. Computers not involved in Siemens or nuclear work were spared; Stuxnet had no impact on their system.
When it did come to rest in Iran the virus struck with such precision that it knocked the Iranian nuclear enrichment program back months. It took nearly a year to clean up the Iranian system and to get it back on line – before it was shot down again, in November 2011, by the DUQU virus.
DUQU is a close cousin of Stuxnet. It is found in font files and takes over the system. It is a sabotage program that has computers literally running on autopilot.
The most wondrous part of these two programs is that after a specified period – for DUQU it was 30 days – they go dormant. They are almost undetectable and when they are detected they show up as having been quarantined by Norton. But they trick the anti-virus program. The attacking virus is still alive and well, just disguised and waiting to once again be awakened and resume operation.
The purpose of these viruses is to corrupt command systems. It is as if they have minds of their own. You want A, you get W, you want W you get R. No rhyme, no reason as far as the computer operators can tell. The viruses confuse, configure and create different and unwanted commands. They cause huge snafus and create deliberate errors and mistakes.
This virus, the Viper, is a very bold strike against the very soft underbelly of Iran. Until now the cyber war was waged against nuclear facilities and research – annoying, to be sure, and a setback to the cause. This attack, though, strikes at the very heart of the Iran’s financial sources and livelihood.
Fifty of the country’s most gifted tech experts were summoned to the Oil Ministry on the Tuesday immediately after the virus was discovered and charged with putting their collective brain power to work to solve the crisis and make certain that the oil industry of Iran is safe.
But Iran is not known for its skill in hacking and counter-cyber warfare. Actually, it is known as a country that contracts out its computer defense. That means Iran’s tech community, along with its hired guns from countries like Russia and Germany, are hard at work trying to contain, protect and then trace the source of the virus.