Has a new virus attacked Iran?

On Monday, April 25th, 2011, the Iranian news agency Mehr reported that Iran was the victim of a new on-line attack, following the Stuxnet offensive. This time it was attacked by a worm called Stars. According to the Iranian spokesman, the commander of the Civil Defense in the country, Iranian computer experts had identified the virus in time and were examining and studying the malware. In his words, the aim of the attack had been to damage government computers in Iran, and he added that the country would have to brace itself for more on-line assaults in the future, more destructive than the present one. On this subject the spokesman had said a week earlier that Iran holds the German firm Siemens responsible for the infiltration of the computers in Iranian industrial installations by the Stuxnet worm.

However, unlike the Stuxnet case, this worm drew no media echo. Western security experts tended to be skeptical about the veracity of the claims shortly after they had been made public, among other things because, contrary to past experience, no samples of the worm code had reached them and Iran was not disclosing any information about the new on-line offensive.

A number of claims have been raised in connection with this new worm, among them: the newly discovered worm is part of the Stuxnet onslaught and functions as an alternative plan that was activated within the framework of this attack; the present attack is an endeavour by additional countries to create similar types of malware; we are dealing here with a marginal on-line offensive which really took place and, in the light of past experience, notably with Stuxnet, was blown up beyond all proportion; and still other assumptions.

This has gone on to the point where experts no longer deny the possibility that a local network may have exaggerated the attack, which indeed took place, or even that an attack was invented for internal political aims, in the light of the instability prevailing in the country lately. Of course, the possibility still exists that this kind of attack really took place and that its source is a new worm, but in that case the Iranians intentionally chose not to release any information about it.

The general estimate is that, whereas the former offensive was intended to strike at industrial installations in Iran, the second attack, if indeed it was carried out, was aimed not at causing damage but rather at stealing information and spying.

On May 11 the Iranian minister for information announced that government institutions had been warned of this worm and that the necessary measures had been initiated. However, in an interview on May 20 with the same news agency, Mehr, Iran's minister for communications and information technology would neither confirm nor deny the reports that Iran had been under attack by a second worm, but said instead that the subject was now under study and that the exaggerated publications on the subject are part of the psychological warfare in which Iran finds itself involved.

So now, is there a new worm or not? Was Iran indeed subjected to an on-line assault? Or rather is this an Iranian invention for various aims?

In the meantime, it looks as if, some three weeks after its first publication, the subject remains well hidden and only little has been exposed. Iran is not pressed to supply information on the subject, and it looks as if the Western experts have more assumptions than certainties.
