"Stars" worm targets systems in Iran, official says

Share this article:

On the heels of the Stuxnet worm, Iran officials say they have discovered a new piece of malware also designed to sabotage government systems.

Gen. Gholam Reza Jalali, who leads the country's Passive Defense system, said Monday that authorities are investigating the new worm, known as Stars, according to a Mehr News Agency report.

“[C]ertain characteristics about the Stars worm have been identified...and it is likely to be mistaken [by users] for executable files of the government,” Jalali told the news agency.

Jalail said damage so far has been minimal, but would not elaborate on which systems have been targeted.

This is the second piece of custom malware with which the Iran government has had to deal in the past year.

First discovered last summer, Stuxnet, according to a Symantec report, exploited four zero-day vulnerabilities, compromised two digital certificates and injected code into the programmable logic controllers, or PLCs, of industrial control systems used to manage industrial environments – such as power plants, oil refineries and gas pipelines.

The worm affected two sites in Iran, a uranium processing center in Natanz and a nuclear reactor in Bushehr. The  attack put the global security community on notice that their enterprise or government infrastructure is susceptible to a similar infection that could cripple computer systems that control physical facilities.

Although the origin of the Stuxnet attacks have never been determined – it is widely believed to have originated in the United States or Israel – it targeted Siemens industrial control software.

Last week, according to reports, Jalali accused Germany-based Siemens of enabling the attack.

Experts have said that much of the equipment in control systems is several years old, and security patches are often overlooked, since replacing parts would disrupt operations.

Security experts said Monday that they are awaiting more information about Stars.

"We don't know if Iran officials have just found some ordinary Windows worm and announced it to be a cyberwar attack," Mikko Hypponen, chief research officer at anti-virus firm F-Secure, wrote in a blog post.

Graham Cluley, senior technology consultant at Sophos, said in a separate post that little is known beyond Jalali's initial remarks.

"Unfortunately, we can't tell you much about this Stars virus," Cluley wrote. "As far as we know, we don't have a sample in our malware collection -- and we would really need the Iranian authorities to share what they have seen with the anti-malware community, so we can delve a little deeper."

Both Hypponen and Cluley could not be reached for additional comment.
Share this article:

Sign up to our newsletters

More in News

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

Backdoors in Wi-Fi routers, said to be closed, ...

Although said to be patched, researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors existing in certain wireless routers can be reactivated.

Apple ships Mac OS X updates, fixes several code execution bugs

Apple ships Mac OS X updates, fixes several ...

Among the addressed vulnerabilities, was a bug affecting WindowServer, which could allow an attacker to execute malicious code outside the sandbox.