Targeted attackers are leveraging a patched Adobe Flash vulnerability and the ongoing tension around Iran's suspected nuclear program to spread a difficult-to-detect trojan.
Emails were spreading that contained a Word document titled "Iran's Oil and Nuclear Situation", according to Contagio Malware Dump, a malware sample collection site.
The Iranian government has yet again blocked all encrypted international websites outside of Iran that depend on the Secure Sockets Layer (SSL) protocol ahead of parliamentary elections in that country.
The latest web censorship affected Email, proxies and all the secure connections that depend on the SSL protocol, which display addresses beginning with "https." Last week, more than 30m Iranian internet users were unable to access their e-mail accounts, including Gmail and Microsoft's hotmail.
"You are going to tell me what I want to know, it's just a matter of how much you want it to hurt." — Jack Bauer, 24
It sounds like a scene out of a spy movie -- highly trained national paramilitary operatives harshly testing a foreign agent until they break and do their bidding. But that's exactly what Iran is claiming it did to a U.S. Central Intelligence Agency spy drone.
Security vendor Kaspersky Lab has identified infections with the new Duqu malware in Sudan and, more importantly, Iran, the main target of the Trojan's predecessor -- Stuxnet.
Duqu took the security industry by storm last week when the Hungarian research laboratory Crysys shared its analysis of the new threat with the world's top antivirus vendors.
The Dutch secret service has opened an investigation to determine who falsified 531 Internet security certificates in order to snoop on users in Iran, the Dutch Interior Ministry said Tuesday.
"The secret service has opened an investigation," its spokesman Vincent van Steen told AFP, adding "it is specifically to find out who hacked the certificates."
About 300,000 Internet users in Iran have been spied on last month by one or several hackers who stole security certificates from a Dutch IT firm, a report presented by the Dutch government said on Monday.
Using a stolen certificate the hacker, or hackers, monitored people who visited Google.com, could steal their passwords and could obtain access to other services such as Facebook and Twitter, said Dutch IT firm Fox-IT, which wrote the report.
