An Iranian military official accused the United States and Israel of launching a "Stars" virus to compromise Iranian systems.
Iran has uncovered another
computer virus targeting the country as part of an ongoing cyber-attack
campaign, according to a senior military official. Its capabilities and actual
target are still unknown.
Iranian experts discovered
the "espionage virus," code-named "Stars," Gholam Reza Jalali, the head of
Passive Defense, an Iranian military unit in charge of combating sabotage, said
in a report posted April 25 on the Passive Defense Website. The report did not
indicate whether the malware targeted sensitive equipment or facilities or
random computers across the country.
"Fortunately, our young
scientists were able to discover the virus, and now the virus Stars is
presented to the laboratory," Jalali wrote in the report, posted on paydarymelli.ir
While downplaying the impact
of Stars, Jalali noted that it is "harmonious" with computer systems and that
it "inflicts minor damage" in the initial stage. Stars can be mistaken for
executive files of governmental organizations, according to Jalali.
This suggests the attack was
disguised as a legitimate Word, PDF or other similar document type to trick
unsuspecting victims into infecting government computers, Graham Cluley, senior
technology consultant at Sophos, speculated on the Naked
. Several organizations, including federal research facility Oak
Ridge National Laboratory
, have disclosed that attackers breached their
systems by tricking employees into opening malicious Word or Excel documents.
There are currently no
details on whether Stars has any destructive capabilities or if it steals
sensitive information. It's also unclear as to when it was first detected.
Experts were still
investigating the full scope of the malware's abilities in order to determine
the necessary steps to "counter" the virus. "No definite and final
conclusions have been reached," Jalali told
, the country's semi-official news agency.
A unit set up by the
Ministry of Information Technology and Telecommunications will be decoding the
virus, the report said.
Jalali blamed the United
States and Israel for creating the Stars virus, claiming it was part of the
nations' alleged cyber-attack against Iran. Iranian officials blame the U.S.
and Israel for last year's Stuxnet worm, which targeted specific Siemens SCADA
(supervisory control and data acquisition) systems and effectively disabled the
country's nuclear facilities. Jalali claimed in an April 16 report that Iranian
experts have determined that Stuxnet-infected systems sent back reports of its
activities to a server located in Texas.
There is no proof at this
point whether Stars is "really specifically targeting Iranian systems," Cluley
said, noting that Sophos researchers see over 100,000 new unique malware
samples every day, and many of them are designed to spy on victims' computers.
"Presumably the Iranian
authorities have reason to believe that the Stars virus they have intercepted
was specifically written to steal information from their computers and is not
just yet another piece of spyware," Cluley said.
Stuxnet, which was publicly
identified last June, was spread primarily by USB drives. The worm reportedly
mutated and infected at least 30,000 industrial systems over the course of the year.
Nearly half the IT executives in the electric industry sector around the world
said they had found
on their systems in a recent McAfee report looking at cyber-attacks
on critical infrastructure.
acknowledged in December that Stuxnet affected a number of centrifuges at its
main uranium enrichment facility in Natanz, but claimed scientists had
discovered and neutralized the worm before it caused serious damage.
Despite the efforts to
contain Stuxnet, it remains an active threat for Iran. It "does not mean the
threat has been completely resolved, because viruses have a specific lifetime
and may continue their activities," Jalali said in the same report.
Stuxnet is still on various
machines in the wild and hasn't gone away, Randy Abrams, director of technical
education at ESET told eWEEK. "We don't know if the authors accomplished their
objective" in developing Stuxnet, and it was reasonable to assume that the worm
could be updated with new instructions to launch further attacks, Abrams said.
"The country should prepare
itself to tackle future worms since future worms, which may infect our systems,
could be more dangerous than the first ones," the Mehr news agency quoted
Jalali as saying.