Iran claims national IT systems under renewed malware attack

An Iranian government official has claimed that the country is being attacked by a new type of malware, dubbed Stars, in the wake of the earlier Stuxnet worm.

Iranian cyber security official Gholam-Reza Jalali told the Mehr news agency that Iran's cyber security team had discovered a worm which has been infiltrating government computer systems.

"Certain characteristics about the Stars worm have been identified, including that it is compatible with the (targeted) system and that the damage is very slight in the initial stage, and it is likely to be mistaken for executable files of the government," he said.

Jalali also accused the US and Israel of breaking international law by using the Stuxnet malware against the country's nuclear fuel generation systems.

Experts believe that Stuxnet was a government-designed piece of malware that may have disabled a quarter of the centrifuges Iran uses to produce nuclear fuels, something the Iranians deny.

"It must be taken into consideration that (the fact that we dealt with) Stuxnet does not mean that the threat has been completely eliminated, since worms have specific lifecycles and can continue their activities in other forms," he said.

"Therefore the country should prepare to tackle future worms since future worms, which may infect our systems, could be more dangerous than the first ones."

Security firms are in the dark about the Stars malware, as the Iranians have offered no samples to researchers and the name itself means very little, since they are assigned at random by the discoverer.

"Unfortunately, we can't tell you much about this Stars virus. As far as we know, we don't have a sample in our malware collection, and we would really need the Iranian authorities to share what they have seen with the anti-malware community so we can delve a little deeper," said Graham Cluley, senior technology consultant at Sophos.

"An MD5 checksum, for instance, would quickly help us ascertain if this is a sample of some malware that we've seen before."

Similarly Kaspersky Labs told V3.co.uk that the company could not comment, but had laboratory staff seeking traces of the malware.