Stars virus: Iran claims to intercept second cyberwarfare attack

Iranian officials today claimed to have intercepted a cyberwarfare attack, involving malware designed to spy upon government systems.

The malware has been dubbed the "Stars" virus by Gholamreza Jalali, the head of Iran's civil defence organisation, who broke the news on the institution's website.

Jalali says that the Stars virus continues to be investigated by the country's experts, and that it could have been "mistaken for executive files of governmental organisations". That suggests that the attack may have been disguised as a legitimate Word file, PDF or similar document in an attempt to trick unsuspecting victims into infecting government computers.

Inevitably, many people will remember the brouhaha that surrounded the Stuxnet virus last year, and sure enough the media has jumped upon the story of the new Stars virus.

Unfortunately, we can't tell you much about this Stars virus. As far as we know, we don't have a sample in our malware collection - and we would really need the Iranian authorities to share what they have seen with the anti-malware community, so we can delve a little deeper.

An MD5 checksum, for instance, would quickly help us ascertain if this is a sample of some malware that we've seen before.

In his statement, Jalali blamed American and Israeli forces for attacking Iranian websites, but we are not able to confirm that the malware attack - if genuine - originated in either country or if it is really specifically targeting Iranian systems.

Let's not forget, we see almost 100,000 new unique malware samples every day - much of it designed to spy upon victims' computers. Presumably the Iranian authorities have reason to believe that the Stars virus they have intercepted was specifically written to steal information from their computers, and is not just yet another piece of spyware.

If we learn any more we'll certainly let you know.

4 Responses to Stars virus: Iran claims to intercept second cyberwarfare attack

  1. mcgimpsey · 1628 days ago

    Anything that the Iranian officials have to say concerning the USA is not worthy of comment.

    • MacGimpsy · 1628 days ago

      And so you felt you had to comment? :) Fail.

    • You could say the same in reverse (anything the US says about Iran is rubbish). It's all smoke n mirrors, the trick is to look beyond the propaganda from all sides (and if you can the CIA has a job for you :) )

  2. anonymous:; · 1628 days ago

    Why haven't IR-CERT or other research centers in Iran published any reports yet (even an MD5 hash of the claimed malware)!!!?? I think ~15 days are enough for initial analysis of this malware.

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley