Iran claims to have discovered new malware it is calling the Stars worm attacking computer infrastructure.
General Gholam-Reza Jalali announced discovering Stars, but spoke only very vaguely about it. (See Iran Times of April 22, page three.)
Jalali said, “Certain characteristics about the Stars worm have been identified, including that it is compatible with the [targeted] system and that the damage is very slight in the initial stage, and it is likely to be mistaken for executable files of the government.”
The magazine PCWorld checked around with computer security specialists and found a high level of disbelief—mainly because Iran failed to distribute copies of the malware for others to analyze, which is the norm.
Andrew Storms, director of security operations for nCircle, told PCWorld, “Every AV [anti-virus] vendor is clamoring to get their hands on this malware, yet so far Iran has not produced a sample of the code. Until a vendor or two can corroborate these claims, this news falls into the propaganda category.”
AppRiver’s Fred Touchette said there is reason to be skeptical. “There have been no details or proof of the attack. There has been no mention of the worm’s targets or its possible intent, simply a claim that it has happened. In the Stuxnet case, security companies had samples to analyze and share, and were able to see first-hand the complexity of that worm.”
Randy Abrams, director of technical education for ESET agreed. “Given the opaqueness on the part of Iran, it seems unlikely that there has been anything new discovered and it is questionable as to whether or not anything at all was found, and if something was, whether or not it was truly malicious.”
Sources from Symantec and McAfee, the largest computer security firms, told PCWorld the same thing—no sample available, and no evidence currently to confirm or deny the claims of the Iranian government.
Given the nature of the Stuxnet worm that struck Iran last years, Storms says it would not be shocking to learn that a new malware threat was developed to target Iranian infrastructure or nuclear capabilities.
On the other hand, it would also not come as a surprise to learn that Iran invented the Stars worm as a propaganda hoax, he said.
PCWorld suggested taking the Iranian claim with a grain of salt and healthy dose of skepticism.