Feeds

Iran says it was attacked by second computer worm

'Espionage virus' targets country's networks

Internet Security Threat Report 2014

A senior Iranian commander said his country has been targeted by a second malware attack in addition to the Stuxnet worm that was designed to disrupt nuclear operations.

Iranian security personnel are still in the process of investigating the Stars computer worm, Brigadier General Gholam-Reza Jalali, told Iran's Mehr News Agency. The Associated Press quoted him as calling the malware an “espionage virus” that targeted undisclosed computer systems in his country.

“Certain characteristics about the Stars worm have ben identified, including that it is compatible with the (targeted) system and that the damage is very slight in the initial state, and it is likely to be mistaken for executable files of the government,” said Jalali, who heads Iran's Passive Defense Organization, a military unit in charge of combatting sabotage.

Jalali's claim follows the discovery in July of a worm that targeted SCADA, or supervisory control and data acquisition, computer systems throughout the world. Many researchers who have studied the so-called Stuxnet worm claim it was designed to sabotage Iran's nuclear facilities by causing centrifuges used in uranium enrichment to operate at unsafe speeds. The New York Times has said the highly sophisticated malware was jointly engineered by the US and Israel.

Last week, Jalali repeated claims that the US and Israel were behind the attack and went on to say those countries got help from German engineering firm Siemens, which built the industrial control system that was sabotaged by Stuxnet.

Jalali and other Iranian officials have said that Stuxnet managed to affect a limited number of Iran's centrifuges but that damage was contained after the discovery.

“It must be taken into consideration that (the fact that we dealt with) Stuxnet does not mean that the threat has been completely eliminated since worms have specific life cycles and can continue their activities in other forms,” Mehr quoted him as saying. “Therefore the country should prepare itself to tackle future worms since future worms, which may infect our systems, could be more dangerous than the first ones.”

There's no evidence researchers outside of Iran have examined the new worm.

“We can't tie this case to any particular sample we might already have,” F-Secure researcher Mikko Hypponen wrote in a blog post published Monday. “We don't know if this is another cyber attack launched by (the) US government. We don't know if Iran officials have just found some ordinary Windows worm and announced it to be a cyber war attack.” ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.