[liberationtech] Security experts have no details on Iran's claim it was targeted by new malware

Cyrus Farivar cfarivar at cfarivar.org
Tue Apr 26 05:13:34 PDT 2011


On Monday, Gholam Reza Jalali, the commander of the Iranian civil
defense organisation, stated on his organization's website that Iran
had been hit by a new cyberworm, a la Stuxnet, called "Stars."

"The Stars virus has been presented to the laboratory but is still
being investigated," Jalali said, according to a translation by the
Washington Post.

Jalali announced earlier this month that Iran would be launching new
graduate degree programs in cybersecurity as a way to counter the
effects of the Stuxnet worm.

But, in the Monday post, Jalali added that the new virus is tough to
eradicate, as it can be "mistaken for executive files of governmental

But the thing is, no one -- apparently outside of Jalali and his
colleagues -- have actually seen any technical evidence of this new

"We have no further information on this attack at this time," wrote
Mikko Hypponen, a computer security researcher with F-Secure, on his
company's blog. "We can't tie this case to any particular sample we
might already have. We don't know if this is another cyber attack
launched by US Government. We don't know if Iran officials have just
found some ordinary Windows worm and announced it to be a cyber war
attack. Hopefully we'll find out more soon."

On its blog, McAfee, another computer security firm, echoed this sentiment:

"Outside of the published news reports, McAfee has no information on
'Stars' at this time," wrote Joris Evers, a company spokesperson.
"That's different from Stuxnet, where international cybersecurity
companies knew of the malware and were able to investigate it through
customary sharing of malware samples. We currently have no way of
verifying the attack the Iranian government is reporting, nor do we
have any way of identifying who might be behind the attack or what the
target could be."

On Tuesday, Graham Cluley, a researcher at Sophos, posted on Twitter:
"We'd need to see the malware first. And the Iranian reports are
far too vague to work out if it's something we already know about."

He added later:

"It's my *guess* that it exists. A hunch if you prefer. But precisely
what it is remains unclear."

Reached by e-mail, a representative from Kaspersky Labs wrote: "At the
moment, Kaspersky Lab experts don't have any information to share."

Cyrus Farivar
"suh-ROOS FAR-ih-var"

Freelance technology journalist and radio producer

Author, "The Internet of Elsewhere"

DE: +49 163 763 3108 (m)
US: +1 510 394 5485 (m)

Twitter/Skype: cfarivar

"Being a good writer is 3% talent, 97% not being distracted by the Internet."

cfarivar at cfarivar.org

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
