After Stuxnet, a ‘Star’ is born

Iran claims it’s under a new Stuxnet-like attack and that the new weapon is the so-called “Stars virus.”

Security scribe Robert Lemos is chasing this one down for us, but at this point all we have to go by is this article from the Reuters news service:

Iran has been targeted by a second computer virus in a “cyber war” waged by its enemies, its commander of civil defence said on Monday. Gholamreza Jalali told the semi-official Mehr news agency that the new virus, called “Stars”, was being investigated by experts.

“Fortunately, our young experts have been able to discover this virus and the Stars virus is now in the laboratory for more investigations,” Jalali was quoted as saying. He did not specify the target of Stars or its intended impact.

“The particular characteristics of the Stars virus have been discovered,” Jalali said. “The virus is congruous and harmonious with the (computer) system and in the initial phase it does minor damage and might be mistaken for some executive files of government organizations.”

Jalali warned that the Stuxnet worm, discovered in computers at Iran’s Bushehr nuclear reactor last year, still posed a potential risk. Some experts described it as the world’s first “guided cyber missile”, aimed at Iran’s atomic program.

Iranian officials said they had neutralised Stuxnet before it did the intended damage to its nuclear facilities. They blamed Israel and the United States, which believe Iran is seeking nuclear weapons, for the virus.

Iran says its nuclear program is entirely peaceful.

The existence of Stuxnet became public knowledge around the time that Iran began loading fuel into Bushehr, its first nuclear reactor, last August. Iran said in September that staff computers at Bushehr had been hit but that the plant itself was unharmed.

Bushehr is still not operational, having missed several start-up deadlines. This has prompted speculation that Stuxnet damaged the plant, something Iran denies. Officials have said the virus could have posed a major risk had it not been discovered and dealt with before any major damage was done.

Some defense analysts say the main target was more likely to be Iran’s uranium enrichment program. Enrichment creates fuel for nuclear power plants or, if pursued to a much higher degree, can provide material for an atomic bomb.

Jalali said Stuxnet might still pose a risk. “We should know that fighting the Stuxnet virus does not mean the threat has been completely tackled, because viruses have a certain life span and they might continue their activities in another way.” He urged the government to take action against the enemies he said were waging cyber war on Iran. “Perhaps the Foreign Ministry had overlooked the options to legally pursue the case, and it seems our diplomatic apparatus should pay more attention to follow up the cyber wars staged against Iran,” Jalali said.

More information to follow as we get the details.

–Bill Brenner