Stars virus

The Stars virus is a computer virus which infects computers running Microsoft Windows. It was named and discovered by Iranian authorities in April 2011. Iran claimed it was used as a tool to commit espionage. Western researchers came to believe it is probably the same thing as the Duqu virus, part of the Stuxnet attack on Iran.

History
The Stars virus was studied in a laboratory in Iran – that means major vendors of antivirus software did not have access to samples and therefore they could not assess any potential relation to Duqu or Stuxnet. Foreign computer experts say they have seen no evidence of the virus, and some even doubt its actual existence. Iran is claiming Stars to be harmful for computer systems. It is said to inflict minor damage in the initial stage and might be mistaken for executable files of governmental organizations.

This is the second attack claimed by Iran after the Stuxnet computer worm discovered in July 2010, which targeted industrial software and equipment.

Researchers came to believe that the Stars virus found by Iranian computer specialists was the Duqu virus. The Duqu virus keylogger was embedded in a JPEG file. Since most of the file was taken by the keylogger only a portion of the image remained. It turned out to be an image taken by the Hubble telescope showing a cluster of stars, the aftermath of two galaxies colliding. Symantec, Kaspersky and CrySyS researchers came to believe Duqu and Stars were the same virus.