Stars virus

The Stars virus is a computer virus which infects computers running Microsoft Windows. It was named and discovered by Iranian authorities in April 2011. Iran claimed it was used as a tool to commit espionage.[1][2] Western researchers later came to believe it was probably the same malware as the Duqu virus, part of the Stuxnet attack on Iran.

History

The Stars virus was studied in a laboratory in Iran, which means the major antivirus vendors did not have access to samples and therefore could not assess any relation to Duqu or Stuxnet.[1][2] Foreign computer experts said they had seen no evidence of the virus, and some even doubted that it existed.[3][4] Iran claimed that Stars was harmful to computer systems: it was said to inflict minor damage in its initial stage and could be mistaken for executable files of governmental organizations.[1][2]

This was the second attack reported by Iran, after the Stuxnet computer worm discovered in July 2010, which targeted industrial software and equipment.[2][5]

Researchers came to believe that the Stars virus found by Iranian computer specialists was in fact Duqu. The Duqu keylogger was embedded in a JPEG file; because the keylogger occupied most of the file, only a portion of the image remained. The image turned out to be a Hubble telescope photograph of a cluster of stars, the aftermath of two galaxies colliding. Researchers at Symantec, Kaspersky and CrySyS came to believe Duqu and Stars were the same virus.[6][7]
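A keylogger occupying most of a JPEG, leaving only part of the image, is the kind of structural anomaly that forensic triage can flag without knowing anything about the payload itself. The following is an added example, not code from the article or from any of the researchers it names: it walks a JPEG's marker segments and reports a file that ends before the EOI marker or that carries bytes after it, run over constructed sample bytes (no real malware).

```python
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# Markers that carry no length field: TEM, RST0-RST7, SOI, EOI
STANDALONE = {0x01, SOI, EOI} | set(range(0xD0, 0xD8))

def jpeg_verdict(data: bytes) -> tuple:
    """Walk a JPEG's marker segments. Returns (status, trailing_bytes) where status is
    'not-jpeg', 'malformed' (non-marker byte where a marker belongs),
    'truncated' (data ends before EOI), 'appended' (bytes follow EOI) or 'clean'."""
    if len(data) < 2 or data[0] != 0xFF or data[1] != SOI:
        return "not-jpeg", 0
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return "malformed", 0
        marker = data[pos + 1]
        if marker == 0xFF:  # padding byte before a marker
            pos += 1
            continue
        if marker == EOI:
            trailing = len(data) - (pos + 2)
            return ("appended", trailing) if trailing else ("clean", 0)
        if marker in STANDALONE:
            pos += 2
            continue
        if pos + 4 > len(data):
            break
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]  # length includes itself
        if marker == SOS:
            # Entropy-coded scan data follows; skip to the next real marker.
            # FF00 is a stuffed byte, FFD0-FFD7 are restart markers, FFFF is padding.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return "truncated", 0

# Constructed samples: a minimal JPEG skeleton with one APP0 segment and one scan.
_SKELETON = (b"\xff\xd8" + b"\xff\xe0" + struct.pack(">H", 4) + b"JF"
             + b"\xff\xda" + struct.pack(">H", 2) + b"\x12\x34\xff\x00\x56")
CLEAN = _SKELETON + b"\xff\xd9"
APPENDED = CLEAN + b"EXTRA-DATA-13"   # 13 bytes after EOI
TRUNCATED = _SKELETON                 # image body cut off before EOI

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("appended", APPENDED), ("truncated", TRUNCATED)):
        print(name, "->", jpeg_verdict(sample))
```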

References

  1. "Military Daily News". Military.com.
  2. "Iran target of new cyber attack". Archived from the original on April 29, 2011.
  3. "Experts sceptical on new Iran 'cyber attack' claim". arabianbusiness.com.
  4. "ANALYSIS-Experts skeptical on new Iran "cyber attack" claim". reuters.com. Archived from the original on 2011-05-09.
  5. "Israel tests on worm called crucial in Iran nuclear delay". msnbc.com. Archived from the original on 2011-01-17.
  6. Kim Zetter (2014). Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Crown Publishing Group. p. 259. ISBN 9780770436186. Retrieved January 20, 2015.
  7. "The Duqu Saga Continues: Enter Mr. B. Jason and TV's Dexter". securelist.com.