Stars virus: Iran claims to intercept second cyberwarfare attack

Iranian officials today claimed to have intercepted a cyberwarfare attack, involving malware designed to spy upon government systems.

The malware has been dubbed the “Stars” virus by Gholamreza Jalali, the head of Iran’s civil defence organisation, who broke the news on the institution’s website.

Jalali says that the Stars virus continues to be investigated by the country’s experts, and that it could have been “mistaken for executive files of governmental organisations”. That suggests that the attack may have been disguised as a legitimate Word or PDF file, or a similar document, in an attempt to trick unsuspecting victims into infecting government computers.

Inevitably, many people will remember the brouhaha that surrounded the Stuxnet virus last year, and sure enough the media has jumped upon the story of the new Stars virus.

Unfortunately, we can’t tell you much about this Stars virus. As far as we know, we don’t have a sample in our malware collection – and we would really need the Iranian authorities to share what they have seen with the anti-malware community, so we can delve a little deeper.

An MD5 checksum, for instance, would quickly help us ascertain if this is a sample of some malware that we’ve seen before.

In his statement, Jalali blamed American and Israeli forces for attacking Iranian websites, but we are not able to confirm that the malware attack – if genuine – originated in either country or if it is really specifically targeting Iranian systems.

Let’s not forget, we see almost 100,000 new unique malware samples every day – many of them designed to spy upon victims’ computers. Presumably the Iranian authorities have reason to believe that the Stars virus they have intercepted was specifically written to steal information from their computers, and is not just yet another piece of spyware.

If we learn any more we’ll certainly let you know.