Security experts have no details on Iran’s claim it was targeted by new malware

Cyrus Farivar | Featured, Iran
26 Apr 2011

On Monday, Gholam Reza Jalali, the commander of the Iranian civil defense organisation, stated on his organization’s website that Iran had been hit by a new cyberworm, a la Stuxnet, called “Stars.”

“The Stars virus has been presented to the laboratory but is still being investigated,” Jalali said, according to a translation by the Washington Post.

Jalali announced earlier this month that Iran would be launching new graduate degree programs in cybersecurity as a way to counter the effects of the Stuxnet worm.

But, in the Monday post, Jalali added that the new virus is tough to eradicate, as it can be “mistaken for executive files of governmental organizations.”

The thing is, no one outside of Jalali and his colleagues, apparently, has actually seen any technical evidence of this new malware.

“We have no further information on this attack at this time,” wrote Mikko Hypponen, a computer security researcher with F-Secure, on his company’s blog. “We can’t tie this case to any particular sample we might already have. We don’t know if this is another cyber attack launched by US Government. We don’t know if Iran officials have just found some ordinary Windows worm and announced it to be a cyber war attack. Hopefully we’ll find out more soon.”

On its blog, McAfee, another computer security firm, echoed this sentiment:

“Outside of the published news reports, McAfee has no information on ‘Stars’ at this time,” wrote Joris Evers, a company spokesperson. “That’s different from Stuxnet, where international cybersecurity companies knew of the malware and were able to investigate it through customary sharing of malware samples. We currently have no way of verifying the attack the Iranian government is reporting, nor do we have any way of identifying who might be behind the attack or what the target could be.”

On Tuesday, Graham Cluley, a researcher at Sophos, said on Twitter: “We’d need to see the malware first. And the Iranian reports are far too vague to work out if it’s something we already know about.”

He added later:

“It’s my *guess* that it exists. A hunch if you prefer. But precisely what it is remains unclear.”

Reached by e-mail, a representative from Kaspersky Lab wrote: “At the moment, Kaspersky Lab experts don’t have any information to share.”
