Iran under virus attack (or the West under Propaganda Propagation)

Iran military official who threatened Stuxnet retaliation announces second virus attack

Iran has intercepted and stopped a second large-scale cyber attack by intercepting a virus no one has ever heard of and of which Iran has offered no evidence.

The attack comes from a virus called "Stars," according to Gholamreza Jalali, an Iranian military official who leads the civil defense organization Passive Defense, which is responsible for defending against sabotage.

Jalali is the same official who called a week ago for legal reprisals against Siemens, the United States and Israel for the Stuxnet attack.

"Fortunately, our young experts have been able to discover this virus and the Stars virus is now in the laboratory for more investigations," Jalali said in a report posted on his organization's web site, according to AP and Reuters reports.

It may be true that Iran is under attack by another Stuxnet-quality virus, but you couldn't tell that from the type or amount of information Jalali let out.

"The virus is congruous and harmonious with the (computer) system and in the initial phase it does minor damage and might be mistaken for some executive files of government organizations," he is quoted as having said (my Farsi is weak and his web site, not surprisingly, doesn't include English translations).

That's great, but could mean anything from "will run on Windows systems" to "can conceal itself as Stuxnet did for two years, pretending to be a legitimate process while taking down as many as 1,000 of the 9,000 centrifuges in the Natanz enrichment plant."

There's never much information about a virus attack this soon after it's first announced. Considering the source of the report and his agenda, I take the report itself with a grain of salt.

None of the major anti-virus sites has any record of a recent Stars virus, though several old ones have star in the name and at least one includes the word as part of really bad fake love-letter dialogue.

This is the guy who said Iran neutralized Stuxnet before it did any damage, just as he's saying it intercepted Stars before it did anything.

His now-weekly comments are either an attempt to make noise internationally and put pressure on Israel or to pressure other factions within his own government to do more than they have in retaliation.

"Perhaps the Foreign Ministry had overlooked the options to legally pursue the case," he said last week about the Iranian government's follow-up to Stuxnet. "It seems our diplomatic apparatus should pay more attention to follow up the cyber wars staged against Iran."

Jalali also warned in both missives that the West could still launch another cyberattack at any time, despite the decomposition of Stuxnet as an immediate threat.

Sounds as much like a politician using his current office to run for a higher one as it does a military guy evaluating the quality of his country's response to the previous attack.

A Cornell law school professor suggests Jalali might be getting more vocal because of the second attack, which is also possible.

I just think Iran is more likely to use a phony or vastly-overblown second "attack" for a social-engineered counterattack (propaganda), than it is that it was able to intercept and neutralize a second virus of the same quality and potential effectiveness of Stuxnet.

Either way, the claim is getting a lot of coverage and I'm sure we'll hear more about it. The fewer technical details we get the less I'll believe it's a real attack and the more it will seem as if it were either a total fake or a run-of-the-mill virus given a new name and placed in the Kangaroo Court dock to play the role of Renewed Threat From the West.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon