Iran hit by second espionage virus?

Yesterday, military reports out of Iran indicated that the country had been hit by a second computer virus. From the Associated Press:

TEHRAN, Iran – Iran has been hit by a second computer virus, a senior military official said Monday, suggesting it was part of a concerted campaign to undermine the country's disputed nuclear program.

Gholam Reza Jalali, the head of an Iranian military unit in charge of combatting sabotage, said that experts discovered the "espionage virus," which he called "Stars."  "The Stars virus has been presented to the laboratory but is still being investigated," Jalali said in a report posted Monday on his organization's website, "No definite and final conclusions have been reached."

He did not say what equipment or facilities the virus targeted, or when experts first detected it.  "Stars" is the second serious computer worm to hit Iran in the past eight months. Late last year, a powerful virus known as Stuxnet targeted the country's nuclear facilities and other industrial sites.

Iran has acknowledged that Stuxnet affected a limited number of centrifuges — a key component in the production of nuclear fuel — at its main uranium enrichment facility in the central city of Natanz. But Tehran has said its scientists discovered and neutralized the malware before it could cause serious damage.  Jalali downplayed the impact of Stars, but said it is "harmonious" with computer systems and "inflicts minor damage in the initial stage and might be mistaken for executive files of governmental organizations."

Last week, Jalali said Stuxnet could have caused large-scale accidents and loss of life and claimed that Iranian experts have determined that the United States and Israel were behind the malware, which can take over the control systems of industrial sites like power plants.

At this stage it is too early to say whether the Stars virus is a targeted piece of malware. In recent months, a number of private companies (Sony, RSA, Epsilon, Silverpop, Gawker) in the United States have been hit with spear phishing attacks, and the malware that compromised those systems was used to steal user data.

Given what we know about Stuxnet’s behavior, given that the details of this particular virus have not been revealed, and given that everyone these days is being hit with “targeted” malware, we cannot say whether this was a targeted attack or a case of “run-of-the-mill” malware being mistaken for something more.
