Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Security experts have no details on Iran’s claim it was targeted by new malware

Cyrus Farivar cfarivar at
Tue Apr 26 05:13:34 PDT 2011

On Monday, Gholam Reza Jalali, the commander of the Iranian civil
defense organisation, stated on his organization’s website that Iran
had been hit by a new cyberworm, a la Stuxnet, called “Stars.”

“The Stars virus has been presented to the laboratory but is still
being investigated,” Jalali said, according to a translation by the
Washington Post.

Jalali announced earlier this month that Iran would be launching new
graduate degree programs in cybersecurity as a way to counter the
effects of the Stuxnet worm.

But, in the Monday post, Jalali added that the new virus is tough to
eradicate, as it can be “mistaken for executive files of governmental

But the thing is, no one — apparently outside of Jalali and his
colleagues — have actually seen any technical evidence of this new

“We have no further information on this attack at this time,” wrote
Mikko Hypponen, a computer security researcher with F-Secure, on his
company’s blog. “We can’t tie this case to any particular sample we
might already have. We don’t know if this is another cyber attack
launched by US Government. We don’t know if Iran officials have just
found some ordinary Windows worm and announced it to be a cyber war
attack. Hopefully we’ll find out more soon.”

On its blog, McAfee, anotheer computer security firm, echoed this sentiment:

“Outside of the published news reports, McAfee has no information on
‘Stars’ at this time,” wrote Joris Evers, a company spokesperson.
“That’s different from Stuxnet, where international cybersecurity
companies knew of the malware and were able to investigate it through
customary sharing of malware samples. We currently have no way of
verifying the attack the Iranian government is reporting, nor do we
have any way of identifying who might be behind the attack or what the
target could be.”

On Tuesday, Graham Cluley, a researcher at Sophos, posted on Twitter
said: “We’d need to see the malware first. And the Iranian reports are
far too vague to work out if it’s something we already know about.”

He added later:

“It’s my *guess* that it exists. A hunch if you prefer. But precisely
what it is remains unclear.”

Reached by e-mail, a representative from Kaspersky Labs wrote: “At the
moment, Kaspersky Lab experts don’t have any information to share.”

Cyrus Farivar
"suh-ROOS FAR-ih-var"

Freelance technology journalist and radio producer

Author, "The Internet of Elsewhere"

DE: +49 163 763 3108 (m)
US: +1 510 394 5485 (m)

Twitter/Skype: cfarivar

"Being a good writer is 3% talent, 97% not being distracted by the Internet."
cfarivar at

More information about the liberationtech mailing list