Experts: Is Iran Crying Wolf over Stars Malware Attack?

Thursday, April 28, 2011



Iranian officials announced earlier this week that they believe government systems are being targeted by a new malware strain dubbed "Stars", but security experts are now expressing doubt as to whether the malware actually exists.

Gholam-Reza Jalali, head of the Iranian Passive Defense Organization, had stated that a sample of the virus was isolated for study by Iranian security researchers, but the sample has yet to be shared with any other authority for corroboration.

"Every AV vendor is clamoring to get their hands on this malware, yet so far Iran has not produced a sample of the code. Until a vendor or two can corroborate these claims this news falls into the propaganda category," said Andrew Storms, director of security operations for nCircle.

Jalali had told the Mehr news agency that "certain characteristics about the 'Stars' virus have been identified, including that it is compatible with the (targeted) system. In the initial stage, the damage is low and it is likely to be mistaken for governmental executable files." 

Jalali did not indicate which systems were infected with the virus or elaborate on the extent of the damage thus far, but his statements indicated that the malware had inflicted a measurable level of harm to the systems.

"Given the lack of opaqueness on the part of Iran, it seems unlikely that there has been anything new discovered and it is questionable as to whether or not anything at all was found, and if something was, whether or not it was truly malicious," said Randy Abrams, director of technical education for ESET.

Other security experts agree that the lack of evidence to support the Iranian claims of a new malware strain employed in a cyber attack casts serious doubt on whether the threat actually exists.

"Up until this point there have been no details or proof of the attack. There has been no mention of the worm's targets or its possible intent, simply a claim that it has happened. In the Stuxnet case, security companies had samples to analyze and share, and were able to see first-hand the complexity of that worm," said AppRiver's Fred Touchette.

Until Iranian officials decide to provide more details of the supposed incident, malware researchers and security experts have little information upon which to speculate. 

"Without any sort of sample or even an MD5 hash to compare to, unfortunately, we'll just have to wait and see," Touchette continued.


The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.