Iran Targeted by New Computer Worm in Cyber Attack

Monday, April 25, 2011



Iranian officials say they believe government systems are now being targeted by a new computer worm.

The new malware strain has been dubbed "Stars", and Gholam-Reza Jalali, head of the Iranian Passive Defense Organization, stated that a sample of the virus has been isolated for study by Iranian security researchers.

"Certain characteristics about the 'Stars' virus have been identified, including that it is compatible with the (targeted) system. In the initial stage, the damage is low and it is likely to be mistaken for governmental executable files," Gholam Reza Jalali, commander of the Iranian civil defense organization, told the Mehr news agency.

Jalali did not indicate which systems were infected with the virus or elaborate on the extent of the damage thus far, but his statements confirm that the malware has inflicted a measurable level of harm to the systems.

"Fortunately, our young experts have been able to discover this virus and the Stars virus is now in the laboratory for more investigations... The virus is congruous and harmonious with the (computer) system and in the initial phase it does minor damage and might be mistaken for some executive files of government organisations," Jalali is quoted as saying by Reuters.

The announcement comes one week after Jalali suggested that the German-based Siemens corporation was responsible for providing the intelligence necessary for the development of the Stuxnet virus, and should be held legally liable in the matter.

Stuxnet is a highly sophisticated designer virus that wreaks havoc with SCADA systems, which provide operations control for critical infrastructure and production networks. Leading theories indicate that the malware was probably produced to stifle Iran's nuclear warhead ambitions.

The Stuxnet virus attack is thought to have caused severe damage to Iranian uranium enrichment facilities and reportedly set back the nation's nuclear program by as much as several years.

"The research and inquiry into the matter indicates that the Stuxnet worm was disseminated from sources in the US and Israel. Iran's Foreign Ministry should probe into the political and legal aspects of the cyber attack while other Iranian bodies should pursue and complain to international circles... Siemens should explain why and how it provided the enemies with the codes for the SCADA software... After following up the reports that were sent, it became clear that the final destinations (of these reports) were the Zionist regime and the American state of Texas," Jalali stated.

Stuxnet was first identified in 2010, and both the New York Times and a German researcher have indicated that the source of the malicious code was a joint program administered by the U.S. and Israel.

"We should know that fighting the Stuxnet virus does not mean the threat has been completely tackled, because viruses have a certain life span and they might continue their activities in another way," Jalali said.

Ken Major: "We should know that fighting the Stuxnet virus does not mean the threat has been completely tackled, because viruses have a certain life span and they might continue their activities in another way,"

Um we still only know what it does by what we know it did but. Just like many other aspects of Iran, the Passive Defense Organization is still operating with stone age methods.

Should the info sec world really expect anything more from a function with an oxymoronic name? I suggest the Passive and Barely Capable Defense Organization.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.