[liberationtech] Security experts have no details on Iranbs claim it was targeted by new malware

http://internetofelsewhere.com/blog/2011/04/26/security-experts-have-no-deta... On Monday, Gholam Reza Jalali, the commander of the Iranian civil defense organisation, stated on his organizationbs website that Iran had been hit by a new cyberworm, a la Stuxnet, called b Stars.b b The Stars virus has been presented to the laboratory but is still being investigated,b Jalali said, according to a translation by the Washington Post. Jalali announced earlier this month that Iran would be launching new graduate degree programs in cybersecurity as a way to counter the effects of the Stuxnet worm. But, in the Monday post, Jalali added that the new virus is tough to eradicate, as it can be b mistaken for executive files of governmental organizations.b But the thing is, no one b apparently outside of Jalali and his colleagues b have actually seen any technical evidence of this new malware. b We have no further information on this attack at this time,b wrote Mikko Hypponen, a computer security researcher with F-Secure, on his companybs blog. b We canbt tie this case to any particular sample we might already have. We donbt know if this is another cyber attack launched by US Government. We donbt know if Iran officials have just found some ordinary Windows worm and announced it to be a cyber war attack. Hopefully webll find out more soon.b On its blog, McAfee, anotheer computer security firm, echoed this sentiment: b Outside of the published news reports, McAfee has no information on bStarsb at this time,b wrote Joris Evers, a company spokesperson. b Thatbs different from Stuxnet, where international cybersecurity companies knew of the malware and were able to investigate it through customary sharing of malware samples. We currently have no way of verifying the attack the Iranian government is reporting, nor do we have any way of identifying who might be behind the attack or what the target could be.b On Tuesday, Graham Cluley, a researcher at Sophos, posted on Twitter said: b Webd need to see the malware first. And the Iranian reports are far too vague to work out if itbs something we already know about.b He added later: b Itbs my *guess* that it exists. A hunch if you prefer. But precisely what it is remains unclear.b Reached by e-mail, a representative from Kaspersky Labs wrote: b At the moment, Kaspersky Lab experts donbt have any information to share.b -- Cyrus Farivar "suh-ROOS FAR-ih-var" Freelance technology journalist and radio producer Author, "The Internet of Elsewhere" http://www.internetofelsewhere.com DE: +49 163 763 3108 (m) US: +1 510 394 5485 (m) Twitter/Skype: cfarivar "Being a good writer is 3% talent, 97% not being distracted by the Internet." http://cyrusfarivar.com cfarivar@cfarivar.org _______________________________________________ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE