"Stars" worm targets systems in Iran, official says

On the heels of the Stuxnet worm, Iranian officials say they have discovered a new piece of malware also designed to sabotage government systems.

Gen. Gholam Reza Jalali, who leads the country's Passive Defense system, said Monday that authorities are investigating the new worm, known as Stars, according to a Mehr News Agency report.

“[C]ertain characteristics about the Stars worm have been identified...and it is likely to be mistaken [by users] for executable files of the government,” Jalali told the news agency.

Jalali said damage so far has been minimal, but would not elaborate on which systems have been targeted.

This is the second piece of custom malware with which the Iran government has had to deal in the past year.

First discovered last summer, Stuxnet, according to a Symantec report, exploited four zero-day vulnerabilities, compromised two digital certificates and injected code into the programmable logic controllers, or PLCs, of industrial control systems used to manage industrial environments – such as power plants, oil refineries and gas pipelines.

The worm affected two sites in Iran, a uranium processing center in Natanz and a nuclear reactor in Bushehr. The attack put the global security community on notice that their enterprise or government infrastructure is susceptible to a similar infection that could cripple computer systems that control physical facilities.

Although the origin of the Stuxnet attacks has never been determined – it is widely believed to have originated in the United States or Israel – it targeted Siemens industrial control software.

Last week, according to reports, Jalali accused Germany-based Siemens of enabling the attack.

Experts have said that much of the equipment in control systems is several years old, and security patches are often overlooked, since replacing parts would disrupt operations.

Security experts said Monday that they are awaiting more information about Stars.

"We don't know if Iran officials have just found some ordinary Windows worm and announced it to be a cyberwar attack," Mikko Hypponen, chief research officer at anti-virus firm F-Secure, wrote in a blog post.

Graham Cluley, senior technology consultant at Sophos, said in a separate post that little is known beyond Jalali's initial remarks.

"Unfortunately, we can't tell you much about this Stars virus," Cluley wrote. "As far as we know, we don't have a sample in our malware collection -- and we would really need the Iranian authorities to share what they have seen with the anti-malware community, so we can delve a little deeper."

Neither Hypponen nor Cluley could be reached for additional comment.