WP: Iran: Country under attack by second computer virus

http://www.washingtonpost.com/world/iran-country-under-attack-by-second-computer-virus/2011/04/25/AFudkBjE_story.html

Iran: Country under attack by second computer virus

By Thomas Erdbrink and Joby Warrick

April 25, 2011

TEHRAN -- An Iranian military official revealed on Monday that the country had been attacked by a new computer virus apparently aimed at nuclear facilities, an acknowledgment that seemed to suggest a broader campaign by foreign saboteurs to undermine Iran's atomic energy program.

The new computer worm has been dubbed "Stars" by the Iranians and described as an "espionage virus," although few details were made public. In the same announcement, the military also confirmed continuing problems with an earlier virus, "Stuxnet," which began wreaking havoc on Iran's main uranium enrichment facility in 2009.

"The Stars virus has been presented to the laboratory but is still being investigated," said Gholam Reza Jalali, who heads the Passive Defense Organization, which counters sabotage.

A report by the group said the new virus mimics government computer files and is difficult to destroy in its early stages. "No definite and final conclusions have been reached," Jalali said in a report posted Monday on his organization's Web site, paydarymelli.ir.

The statement follows recent official acknowledgments of the damage wrought by Stuxnet, which infected several nuclear facilities and industrial sites and is believed to have destroyed more than a tenth of the centrifuges Iran uses to make enriched uranium.

A military official this month blamed U.S. and Israeli spy agencies for planting the computer worm, although officials in both countries have declined to comment on either of the reported cyber attacks. A U.S. official familiar with clandestine operations said the Iranian reports are being monitored with high interest.

Iran worked frantically last year to replace more than 1,000 Stuxnet-damaged centrifuges at its main uranium enrichment plant at Natanz, and its scientists boasted of making significant strides to overcome the setback. Iran also has notified U.N. nuclear officials of plans to install hundreds of more advanced centrifuges with a dramatically higher production rate and presumably more resistance to sabotage.

Yet the report released on Monday acknowledged that the Stuxnet virus is still not under complete control. "These viruses have a shelf life and can reappear and continue their activity in another form," Jalali said.

Some U.S. and European officials and nuclear experts have said that the toll from the cyber attacks may be greater than initially thought. David Albright, a nuclear weapons expert who has analyzed Stuxnet, said that the worm was designed to continue to operate until 2012, and that it could remain dormant in infected systems until activated by remote command.

Although Iran could attempt to eliminate the malware by replacing computers and erasing hard drives, it remained possible for Stuxnet to reinfect computers without proper protection, or to spread to new facilities and networks, he said.

"The success of Stuxnet would have whetted the appetite of the intelligence community to try again," said Albright, president of the Washington-based Institute for Science and International Security. He cautioned, however, that repeated cyber attacks -- regardless of their authorship -- probably would encourage Iran to retaliate, perhaps by attacking "soft" computer networks used by consumers and businesses in the West.

In addition to the virus problems, the number of industrial incidents reported by Iranian media has increased sharply. Often they are blamed on accidents, but also increasingly on sabotage.

The official Iranian Islamic Republic News Agency also reported Monday that a major 56-inch gas pipeline had exploded in the south of the country, a week after officials blamed two similar pipeline explosions on "acts of sabotage." Authorities said pipe corrosion apparently caused the Monday blast.

The same pipeline, which connects Iran's biggest gas field to its largest gas refinery, exploded under unexplained circumstances last year, the news agency's Web site reported. Nearly a dozen such incidents have occurred in the past 18 months.

Warrick reported from Washington.