No news may mean no virus backing Iran cyber-attack claim

Security analysts eager to dissect 'Stars' virus; Iran offers no code or details

Usually, within a day or so after a virus attack big enough that a country's military not only acknowledges but publicizes it, security vendors are able to dissect the thing and find out a lot more than the original victim did.

Over the weekend the director of Iran's civil defense, who is responsible for preventing sabotage and at least partly for warding off digital attacks like the Stuxnet virus in 2010, said Iranian security crews had intercepted a new virus they named "Stars."

So far no security company in the world has acknowledged having seen Stars either in the wild or through customers, partners and other channels that normally distribute virus code to the network of security companies and government agencies interested in protecting against it.

Iran is unusually uncooperative with the West on digital issues, especially since the whole Stuxnet thing made it all sensitive about having its most sensitive military projects attacked by a virus that behaved in ways no other virus ever has.

So it's not completely implausible that, if Iran had been hit with a new virus attack and stopped it successfully, its ego-bruised military leaders might not be eager to share information with the people it accuses of having launched the first attack.

Brigadier Gen. Gholam Reza Jalali, the head of Iran's Passive Defense Organization, is responsible for protecting the country's nuclear development program. So it's understandable he might be one of those less than eager to cooperate with the West.

In a speech a week before his revelation of the Stars virus attack, Jalali blamed German SCADA software developer Siemens for giving too much information about its software to the U.S., which, he charged, helped the U.S. aim Stuxnet at Siemens SCADA apps in Iran's nuclear facilities.

There's no evidence of that, either, but it's one of those open secrets that leak out of the intelligence community, usually as propaganda. It's unclear in this case if the more effective PR picture is the U.S. and Israel letting potential enemies think they might also be attacked by fine-tuned attack viruses, or Iran looking for sympathy by posing as the victim.

Whichever it is, or something else, Jalali is keeping up what pressure he can by claiming to have been attacked again. Until some evidence of Stars gets to Sophos, F-Secure, Symantec or some of the others who are more eager to see Stars code than most Brits are to see the Royal wedding, the whole virus attack story has to stay in the Remotely Possible category.
